cobaltstrike | aadad16c97b547e7fe5110430861cd6660e964235ef02d274b7a10cd61ae054c

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a220433a620b4a59e7c10753dd7bf6bb
SHA1

91b5ffd8e7cc4d3c6d38a99623b650a245f6babe
SHA256

aadad16c97b547e7fe5110430861cd6660e964235ef02d274b7a10cd61ae054c
SHA512

f581380e3546ebafac0f52dd0fd82f4d6e31c36744bc91351666b98cf40ae781af63d9a892920deee2921de9828fd3114890d8395710f5bb8a77a1aa937dd545
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x000c000000023b99-6.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-11.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-12.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-29.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c8a-34.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c91-40.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c92-48.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c93-56.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c95-64.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c96-69.dat	cobalt_reflective_dll
behavioral2/files/0x000400000001e747-74.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9a-81.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9b-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9c-98.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9d-100.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9e-109.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c9f-112.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca0-121.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca1-130.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca2-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca4-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca7-162.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca8-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cae-201.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cad-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cac-192.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023cab-188.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023caa-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca9-178.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca6-160.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023ca3-147.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/4388-0-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp	xmrig
behavioral2/files/0x000c000000023b99-6.dat	xmrig
behavioral2/memory/4468-8-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8e-11.dat	xmrig
behavioral2/files/0x0007000000023c8d-12.dat	xmrig
behavioral2/files/0x0007000000023c8f-23.dat	xmrig
behavioral2/memory/2488-24-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp	xmrig
behavioral2/memory/5096-22-0x00007FF6062C0000-0x00007FF606614000-memory.dmp	xmrig
behavioral2/memory/5072-16-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-29.dat	xmrig
behavioral2/memory/2304-32-0x00007FF75E6D0000-0x00007FF75EA24000-memory.dmp	xmrig
behavioral2/files/0x0008000000023c8a-34.dat	xmrig
behavioral2/memory/3320-38-0x00007FF60BC90000-0x00007FF60BFE4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c91-40.dat	xmrig
behavioral2/files/0x0007000000023c92-48.dat	xmrig
behavioral2/memory/2064-42-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp	xmrig
behavioral2/memory/1416-51-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp	xmrig
behavioral2/memory/4388-54-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp	xmrig
behavioral2/memory/2384-55-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c93-56.dat	xmrig
behavioral2/memory/4468-61-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c95-64.dat	xmrig
behavioral2/memory/644-63-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	xmrig
behavioral2/memory/5072-62-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp	xmrig
behavioral2/memory/5096-66-0x00007FF6062C0000-0x00007FF606614000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c96-69.dat	xmrig
behavioral2/memory/3272-72-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp	xmrig
behavioral2/files/0x000400000001e747-74.dat	xmrig
behavioral2/memory/4360-77-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp	xmrig
behavioral2/memory/2488-76-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9a-81.dat	xmrig
behavioral2/files/0x0007000000023c9b-87.dat	xmrig
behavioral2/memory/3052-85-0x00007FF6E1360000-0x00007FF6E16B4000-memory.dmp	xmrig
behavioral2/memory/576-90-0x00007FF651E30000-0x00007FF652184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9c-98.dat	xmrig
behavioral2/files/0x0007000000023c9d-100.dat	xmrig
behavioral2/memory/2064-101-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c9e-109.dat	xmrig
behavioral2/files/0x0007000000023c9f-112.dat	xmrig
behavioral2/memory/3816-115-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp	xmrig
behavioral2/memory/2384-114-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp	xmrig
behavioral2/memory/3440-110-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp	xmrig
behavioral2/memory/1416-106-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp	xmrig
behavioral2/memory/4428-105-0x00007FF7A22E0000-0x00007FF7A2634000-memory.dmp	xmrig
behavioral2/memory/4948-95-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp	xmrig
behavioral2/memory/644-119-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca0-121.dat	xmrig
behavioral2/memory/3272-123-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca1-130.dat	xmrig
behavioral2/memory/4360-131-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp	xmrig
behavioral2/memory/2376-136-0x00007FF7CCEE0000-0x00007FF7CD234000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca2-140.dat	xmrig
behavioral2/memory/4948-144-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca4-149.dat	xmrig
behavioral2/memory/1456-158-0x00007FF719330000-0x00007FF719684000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca7-162.dat	xmrig
behavioral2/memory/3440-164-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp	xmrig
behavioral2/files/0x0007000000023ca8-170.dat	xmrig
behavioral2/memory/2756-343-0x00007FF708220000-0x00007FF708574000-memory.dmp	xmrig
behavioral2/memory/2828-350-0x00007FF74D0C0000-0x00007FF74D414000-memory.dmp	xmrig
behavioral2/memory/2252-352-0x00007FF74D260000-0x00007FF74D5B4000-memory.dmp	xmrig
behavioral2/memory/3816-355-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp	xmrig
behavioral2/memory/1212-356-0x00007FF760820000-0x00007FF760B74000-memory.dmp	xmrig
behavioral2/memory/3176-348-0x00007FF6AFC40000-0x00007FF6AFF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4468	DBInjkn.exe
5072	SNYrhnQ.exe
5096	BjIzQWC.exe
2488	yvtIHwD.exe
2304	BylsvjA.exe
3320	NbUZvkS.exe
2064	IHYMNhu.exe
1416	XvnKBLl.exe
2384	aoloFrx.exe
644	HsTgXyX.exe
3272	uCtAAbb.exe
4360	cDwgJmK.exe
3052	QJhfQBl.exe
576	zodUbnB.exe
4948	NkVVfYp.exe
4428	ybIdHwg.exe
3440	JYrbKir.exe
3816	RWwpwAe.exe
4452	dUthGih.exe
2376	EfiUEsU.exe
376	WJMThlA.exe
4348	aPBGHGR.exe
3580	wuuaUKM.exe
1456	rMSAekS.exe
2756	VWUeJCV.exe
1212	jTuBjck.exe
3176	VvdRwlk.exe
2828	ZHuiVHK.exe
2252	rSWxvFs.exe
1796	kICAeoQ.exe
3892	zHdDLPl.exe
4568	iQZkmOL.exe
2652	cXQeGHX.exe
1052	GnqKOqR.exe
3136	aFgunud.exe
3544	FiMlMcq.exe
5048	kSTzbln.exe
1960	kDPvkwf.exe
4776	kVnojrr.exe
5084	EfredhK.exe
4352	qzGnexK.exe
2960	ZNqCavp.exe
3460	LLwktvm.exe
552	bAeKbqT.exe
2088	lXniewj.exe
844	rczkfxE.exe
1644	LhEGZmh.exe
1484	dfmWbRt.exe
4792	asZoyiI.exe
2336	quXfOGp.exe
3988	HIHHgsI.exe
3864	kdBWXPI.exe
4956	HuQoUqe.exe
3296	uUHEhMD.exe
1832	cqSfNNg.exe
5068	VySRUOK.exe
2068	nhgcDUD.exe
3316	WjuHvbd.exe
1368	ZERdHTD.exe
1444	QUEQZmk.exe
4816	dtgNiUW.exe
4916	cfxeJom.exe
3000	xCNgZuR.exe
2768	keGfEzJ.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4388-0-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp	upx
behavioral2/files/0x000c000000023b99-6.dat	upx
behavioral2/memory/4468-8-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp	upx
behavioral2/files/0x0007000000023c8e-11.dat	upx
behavioral2/files/0x0007000000023c8d-12.dat	upx
behavioral2/files/0x0007000000023c8f-23.dat	upx
behavioral2/memory/2488-24-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp	upx
behavioral2/memory/5096-22-0x00007FF6062C0000-0x00007FF606614000-memory.dmp	upx
behavioral2/memory/5072-16-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-29.dat	upx
behavioral2/memory/2304-32-0x00007FF75E6D0000-0x00007FF75EA24000-memory.dmp	upx
behavioral2/files/0x0008000000023c8a-34.dat	upx
behavioral2/memory/3320-38-0x00007FF60BC90000-0x00007FF60BFE4000-memory.dmp	upx
behavioral2/files/0x0007000000023c91-40.dat	upx
behavioral2/files/0x0007000000023c92-48.dat	upx
behavioral2/memory/2064-42-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp	upx
behavioral2/memory/1416-51-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp	upx
behavioral2/memory/4388-54-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp	upx
behavioral2/memory/2384-55-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp	upx
behavioral2/files/0x0007000000023c93-56.dat	upx
behavioral2/memory/4468-61-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp	upx
behavioral2/files/0x0007000000023c95-64.dat	upx
behavioral2/memory/644-63-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	upx
behavioral2/memory/5072-62-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp	upx
behavioral2/memory/5096-66-0x00007FF6062C0000-0x00007FF606614000-memory.dmp	upx
behavioral2/files/0x0007000000023c96-69.dat	upx
behavioral2/memory/3272-72-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp	upx
behavioral2/files/0x000400000001e747-74.dat	upx
behavioral2/memory/4360-77-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp	upx
behavioral2/memory/2488-76-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp	upx
behavioral2/files/0x0007000000023c9a-81.dat	upx
behavioral2/files/0x0007000000023c9b-87.dat	upx
behavioral2/memory/3052-85-0x00007FF6E1360000-0x00007FF6E16B4000-memory.dmp	upx
behavioral2/memory/576-90-0x00007FF651E30000-0x00007FF652184000-memory.dmp	upx
behavioral2/files/0x0007000000023c9c-98.dat	upx
behavioral2/files/0x0007000000023c9d-100.dat	upx
behavioral2/memory/2064-101-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp	upx
behavioral2/files/0x0007000000023c9e-109.dat	upx
behavioral2/files/0x0007000000023c9f-112.dat	upx
behavioral2/memory/3816-115-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp	upx
behavioral2/memory/2384-114-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp	upx
behavioral2/memory/3440-110-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp	upx
behavioral2/memory/1416-106-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp	upx
behavioral2/memory/4428-105-0x00007FF7A22E0000-0x00007FF7A2634000-memory.dmp	upx
behavioral2/memory/4948-95-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp	upx
behavioral2/memory/644-119-0x00007FF79D020000-0x00007FF79D374000-memory.dmp	upx
behavioral2/files/0x0007000000023ca0-121.dat	upx
behavioral2/memory/3272-123-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp	upx
behavioral2/files/0x0007000000023ca1-130.dat	upx
behavioral2/memory/4360-131-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp	upx
behavioral2/memory/2376-136-0x00007FF7CCEE0000-0x00007FF7CD234000-memory.dmp	upx
behavioral2/files/0x0007000000023ca2-140.dat	upx
behavioral2/memory/4948-144-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp	upx
behavioral2/files/0x0007000000023ca4-149.dat	upx
behavioral2/memory/1456-158-0x00007FF719330000-0x00007FF719684000-memory.dmp	upx
behavioral2/files/0x0007000000023ca7-162.dat	upx
behavioral2/memory/3440-164-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp	upx
behavioral2/files/0x0007000000023ca8-170.dat	upx
behavioral2/memory/2756-343-0x00007FF708220000-0x00007FF708574000-memory.dmp	upx
behavioral2/memory/2828-350-0x00007FF74D0C0000-0x00007FF74D414000-memory.dmp	upx
behavioral2/memory/2252-352-0x00007FF74D260000-0x00007FF74D5B4000-memory.dmp	upx
behavioral2/memory/3816-355-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp	upx
behavioral2/memory/1212-356-0x00007FF760820000-0x00007FF760B74000-memory.dmp	upx
behavioral2/memory/3176-348-0x00007FF6AFC40000-0x00007FF6AFF94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FHVIdbL.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPqDBwk.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zodUbnB.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEhGOLg.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcArDLs.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMNSlxQ.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJrQQbh.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKZHDkf.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWHInub.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpcwSJp.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIgxsyY.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzDTnXn.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzGnexK.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcUPqnM.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXQNtor.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzcAqex.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maRriWP.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITFNqhj.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFdxFwG.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGYJZrQ.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExBGvcu.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylVlKjS.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVdWCKU.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRFlNPR.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cMedGWl.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPNAyrK.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNjFmJl.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkXwJRp.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQdRRum.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiBogpY.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfxeJom.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbQFqbC.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRsWmmS.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnPerMK.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmDhDbC.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCaDMha.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmZPXUp.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHIjjXo.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXjDujh.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fazbkXx.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrCCzoN.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqfzlwC.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCagKuF.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkLvVHX.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axWQsyj.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYGTcvZ.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhgcDUD.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWGCGJR.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyQLYXm.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDthswl.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cgrnlnk.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnhUjGC.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqKUiGL.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpiyfAa.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUmkgdV.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNqCavp.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhWPaAC.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBkHHLR.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZDcmrg.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYMySfb.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxSroql.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUthGih.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEuVobV.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeKNxGH.exe	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 4468	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4388 wrote to memory of 4468	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 4388 wrote to memory of 5072	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4388 wrote to memory of 5072	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 4388 wrote to memory of 5096	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4388 wrote to memory of 5096	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 4388 wrote to memory of 2488	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4388 wrote to memory of 2488	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 4388 wrote to memory of 2304	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4388 wrote to memory of 2304	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 4388 wrote to memory of 3320	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4388 wrote to memory of 3320	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 4388 wrote to memory of 2064	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4388 wrote to memory of 2064	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 4388 wrote to memory of 1416	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4388 wrote to memory of 1416	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 4388 wrote to memory of 2384	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4388 wrote to memory of 2384	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 4388 wrote to memory of 644	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4388 wrote to memory of 644	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 4388 wrote to memory of 3272	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4388 wrote to memory of 3272	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 4388 wrote to memory of 4360	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4388 wrote to memory of 4360	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 4388 wrote to memory of 3052	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4388 wrote to memory of 3052	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 4388 wrote to memory of 576	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4388 wrote to memory of 576	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 4388 wrote to memory of 4948	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4388 wrote to memory of 4948	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 4388 wrote to memory of 4428	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4388 wrote to memory of 4428	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 4388 wrote to memory of 3440	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4388 wrote to memory of 3440	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 4388 wrote to memory of 3816	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4388 wrote to memory of 3816	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 4388 wrote to memory of 4452	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4388 wrote to memory of 4452	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 4388 wrote to memory of 2376	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4388 wrote to memory of 2376	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 4388 wrote to memory of 376	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4388 wrote to memory of 376	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 4388 wrote to memory of 4348	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4388 wrote to memory of 4348	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 4388 wrote to memory of 3580	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4388 wrote to memory of 3580	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 4388 wrote to memory of 1456	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4388 wrote to memory of 1456	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 4388 wrote to memory of 2756	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4388 wrote to memory of 2756	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 4388 wrote to memory of 1212	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4388 wrote to memory of 1212	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 4388 wrote to memory of 3176	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4388 wrote to memory of 3176	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 4388 wrote to memory of 2828	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4388 wrote to memory of 2828	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 4388 wrote to memory of 2252	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4388 wrote to memory of 2252	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	115
PID 4388 wrote to memory of 1796	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4388 wrote to memory of 1796	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 4388 wrote to memory of 3892	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4388 wrote to memory of 3892	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	117
PID 4388 wrote to memory of 4568	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 4388 wrote to memory of 4568	4388	2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_a220433a620b4a59e7c10753dd7bf6bb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Windows\System\DBInjkn.exe
  C:\Windows\System\DBInjkn.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\SNYrhnQ.exe
  C:\Windows\System\SNYrhnQ.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\BjIzQWC.exe
  C:\Windows\System\BjIzQWC.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\yvtIHwD.exe
  C:\Windows\System\yvtIHwD.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\BylsvjA.exe
  C:\Windows\System\BylsvjA.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\NbUZvkS.exe
  C:\Windows\System\NbUZvkS.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\IHYMNhu.exe
  C:\Windows\System\IHYMNhu.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\XvnKBLl.exe
  C:\Windows\System\XvnKBLl.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\aoloFrx.exe
  C:\Windows\System\aoloFrx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\HsTgXyX.exe
  C:\Windows\System\HsTgXyX.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\uCtAAbb.exe
  C:\Windows\System\uCtAAbb.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\cDwgJmK.exe
  C:\Windows\System\cDwgJmK.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\QJhfQBl.exe
  C:\Windows\System\QJhfQBl.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\zodUbnB.exe
  C:\Windows\System\zodUbnB.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\NkVVfYp.exe
  C:\Windows\System\NkVVfYp.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Windows\System\ybIdHwg.exe
  C:\Windows\System\ybIdHwg.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\JYrbKir.exe
  C:\Windows\System\JYrbKir.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\RWwpwAe.exe
  C:\Windows\System\RWwpwAe.exe
  2⤵
  - Executes dropped EXE
  PID:3816
- C:\Windows\System\dUthGih.exe
  C:\Windows\System\dUthGih.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\EfiUEsU.exe
  C:\Windows\System\EfiUEsU.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\WJMThlA.exe
  C:\Windows\System\WJMThlA.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\aPBGHGR.exe
  C:\Windows\System\aPBGHGR.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\wuuaUKM.exe
  C:\Windows\System\wuuaUKM.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\rMSAekS.exe
  C:\Windows\System\rMSAekS.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\VWUeJCV.exe
  C:\Windows\System\VWUeJCV.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\jTuBjck.exe
  C:\Windows\System\jTuBjck.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\VvdRwlk.exe
  C:\Windows\System\VvdRwlk.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\ZHuiVHK.exe
  C:\Windows\System\ZHuiVHK.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rSWxvFs.exe
  C:\Windows\System\rSWxvFs.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\kICAeoQ.exe
  C:\Windows\System\kICAeoQ.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\zHdDLPl.exe
  C:\Windows\System\zHdDLPl.exe
  2⤵
  - Executes dropped EXE
  PID:3892
- C:\Windows\System\iQZkmOL.exe
  C:\Windows\System\iQZkmOL.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\cXQeGHX.exe
  C:\Windows\System\cXQeGHX.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\GnqKOqR.exe
  C:\Windows\System\GnqKOqR.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\aFgunud.exe
  C:\Windows\System\aFgunud.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\FiMlMcq.exe
  C:\Windows\System\FiMlMcq.exe
  2⤵
  - Executes dropped EXE
  PID:3544
- C:\Windows\System\kSTzbln.exe
  C:\Windows\System\kSTzbln.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\kDPvkwf.exe
  C:\Windows\System\kDPvkwf.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\kVnojrr.exe
  C:\Windows\System\kVnojrr.exe
  2⤵
  - Executes dropped EXE
  PID:4776
- C:\Windows\System\EfredhK.exe
  C:\Windows\System\EfredhK.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\qzGnexK.exe
  C:\Windows\System\qzGnexK.exe
  2⤵
  - Executes dropped EXE
  PID:4352
- C:\Windows\System\ZNqCavp.exe
  C:\Windows\System\ZNqCavp.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\LLwktvm.exe
  C:\Windows\System\LLwktvm.exe
  2⤵
  - Executes dropped EXE
  PID:3460
- C:\Windows\System\bAeKbqT.exe
  C:\Windows\System\bAeKbqT.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\lXniewj.exe
  C:\Windows\System\lXniewj.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\rczkfxE.exe
  C:\Windows\System\rczkfxE.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\LhEGZmh.exe
  C:\Windows\System\LhEGZmh.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\dfmWbRt.exe
  C:\Windows\System\dfmWbRt.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\asZoyiI.exe
  C:\Windows\System\asZoyiI.exe
  2⤵
  - Executes dropped EXE
  PID:4792
- C:\Windows\System\quXfOGp.exe
  C:\Windows\System\quXfOGp.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HIHHgsI.exe
  C:\Windows\System\HIHHgsI.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\kdBWXPI.exe
  C:\Windows\System\kdBWXPI.exe
  2⤵
  - Executes dropped EXE
  PID:3864
- C:\Windows\System\HuQoUqe.exe
  C:\Windows\System\HuQoUqe.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\uUHEhMD.exe
  C:\Windows\System\uUHEhMD.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\cqSfNNg.exe
  C:\Windows\System\cqSfNNg.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\VySRUOK.exe
  C:\Windows\System\VySRUOK.exe
  2⤵
  - Executes dropped EXE
  PID:5068
- C:\Windows\System\nhgcDUD.exe
  C:\Windows\System\nhgcDUD.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\WjuHvbd.exe
  C:\Windows\System\WjuHvbd.exe
  2⤵
  - Executes dropped EXE
  PID:3316
- C:\Windows\System\ZERdHTD.exe
  C:\Windows\System\ZERdHTD.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\QUEQZmk.exe
  C:\Windows\System\QUEQZmk.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\dtgNiUW.exe
  C:\Windows\System\dtgNiUW.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\cfxeJom.exe
  C:\Windows\System\cfxeJom.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\xCNgZuR.exe
  C:\Windows\System\xCNgZuR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\keGfEzJ.exe
  C:\Windows\System\keGfEzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\PXdhISO.exe
  C:\Windows\System\PXdhISO.exe
  2⤵
  PID:2968
- C:\Windows\System\MZzEKmU.exe
  C:\Windows\System\MZzEKmU.exe
  2⤵
  PID:2640
- C:\Windows\System\xSfuShP.exe
  C:\Windows\System\xSfuShP.exe
  2⤵
  PID:4172
- C:\Windows\System\yStYAkD.exe
  C:\Windows\System\yStYAkD.exe
  2⤵
  PID:3768
- C:\Windows\System\FkLvVHX.exe
  C:\Windows\System\FkLvVHX.exe
  2⤵
  PID:3948
- C:\Windows\System\ODojHwO.exe
  C:\Windows\System\ODojHwO.exe
  2⤵
  PID:2332
- C:\Windows\System\OXOtCKN.exe
  C:\Windows\System\OXOtCKN.exe
  2⤵
  PID:2060
- C:\Windows\System\axWQsyj.exe
  C:\Windows\System\axWQsyj.exe
  2⤵
  PID:4308
- C:\Windows\System\GRyyqLq.exe
  C:\Windows\System\GRyyqLq.exe
  2⤵
  PID:4632
- C:\Windows\System\SqwSGGL.exe
  C:\Windows\System\SqwSGGL.exe
  2⤵
  PID:3240
- C:\Windows\System\XGoQMbT.exe
  C:\Windows\System\XGoQMbT.exe
  2⤵
  PID:1952
- C:\Windows\System\OhpDogi.exe
  C:\Windows\System\OhpDogi.exe
  2⤵
  PID:3220
- C:\Windows\System\pFeufkM.exe
  C:\Windows\System\pFeufkM.exe
  2⤵
  PID:2656
- C:\Windows\System\vmdFegS.exe
  C:\Windows\System\vmdFegS.exe
  2⤵
  PID:4404
- C:\Windows\System\ddKDzZF.exe
  C:\Windows\System\ddKDzZF.exe
  2⤵
  PID:3016
- C:\Windows\System\xoRNeEr.exe
  C:\Windows\System\xoRNeEr.exe
  2⤵
  PID:708
- C:\Windows\System\gjHNHAS.exe
  C:\Windows\System\gjHNHAS.exe
  2⤵
  PID:4752
- C:\Windows\System\sHKheUQ.exe
  C:\Windows\System\sHKheUQ.exe
  2⤵
  PID:4908
- C:\Windows\System\HlpNnVI.exe
  C:\Windows\System\HlpNnVI.exe
  2⤵
  PID:820
- C:\Windows\System\xiPuXrI.exe
  C:\Windows\System\xiPuXrI.exe
  2⤵
  PID:3692
- C:\Windows\System\kzcAqex.exe
  C:\Windows\System\kzcAqex.exe
  2⤵
  PID:1844
- C:\Windows\System\jBkHHLR.exe
  C:\Windows\System\jBkHHLR.exe
  2⤵
  PID:4508
- C:\Windows\System\mkMTaUc.exe
  C:\Windows\System\mkMTaUc.exe
  2⤵
  PID:2328
- C:\Windows\System\OLEIVRl.exe
  C:\Windows\System\OLEIVRl.exe
  2⤵
  PID:5148
- C:\Windows\System\Jdcsjoi.exe
  C:\Windows\System\Jdcsjoi.exe
  2⤵
  PID:5180
- C:\Windows\System\DHIjjXo.exe
  C:\Windows\System\DHIjjXo.exe
  2⤵
  PID:5216
- C:\Windows\System\INoseAF.exe
  C:\Windows\System\INoseAF.exe
  2⤵
  PID:5248
- C:\Windows\System\nvLDNaV.exe
  C:\Windows\System\nvLDNaV.exe
  2⤵
  PID:5280
- C:\Windows\System\gtCeiXD.exe
  C:\Windows\System\gtCeiXD.exe
  2⤵
  PID:5308
- C:\Windows\System\NJRSSja.exe
  C:\Windows\System\NJRSSja.exe
  2⤵
  PID:5340
- C:\Windows\System\SRgdWcb.exe
  C:\Windows\System\SRgdWcb.exe
  2⤵
  PID:5368
- C:\Windows\System\UJQORJp.exe
  C:\Windows\System\UJQORJp.exe
  2⤵
  PID:5400
- C:\Windows\System\MbMSxED.exe
  C:\Windows\System\MbMSxED.exe
  2⤵
  PID:5428
- C:\Windows\System\OTCXevZ.exe
  C:\Windows\System\OTCXevZ.exe
  2⤵
  PID:5464
- C:\Windows\System\biUYAlw.exe
  C:\Windows\System\biUYAlw.exe
  2⤵
  PID:5492
- C:\Windows\System\WvrDToJ.exe
  C:\Windows\System\WvrDToJ.exe
  2⤵
  PID:5520
- C:\Windows\System\PxLnRak.exe
  C:\Windows\System\PxLnRak.exe
  2⤵
  PID:5548
- C:\Windows\System\Cgrnlnk.exe
  C:\Windows\System\Cgrnlnk.exe
  2⤵
  PID:5576
- C:\Windows\System\RULQIYU.exe
  C:\Windows\System\RULQIYU.exe
  2⤵
  PID:5604
- C:\Windows\System\VkWjDvK.exe
  C:\Windows\System\VkWjDvK.exe
  2⤵
  PID:5632
- C:\Windows\System\RnhUjGC.exe
  C:\Windows\System\RnhUjGC.exe
  2⤵
  PID:5660
- C:\Windows\System\gcmxyow.exe
  C:\Windows\System\gcmxyow.exe
  2⤵
  PID:5688
- C:\Windows\System\FPBQKgF.exe
  C:\Windows\System\FPBQKgF.exe
  2⤵
  PID:5716
- C:\Windows\System\oxNmWBV.exe
  C:\Windows\System\oxNmWBV.exe
  2⤵
  PID:5756
- C:\Windows\System\fZAHYnM.exe
  C:\Windows\System\fZAHYnM.exe
  2⤵
  PID:5784
- C:\Windows\System\TSwRqfk.exe
  C:\Windows\System\TSwRqfk.exe
  2⤵
  PID:5800
- C:\Windows\System\gsQmuJl.exe
  C:\Windows\System\gsQmuJl.exe
  2⤵
  PID:5840
- C:\Windows\System\VJWrHDn.exe
  C:\Windows\System\VJWrHDn.exe
  2⤵
  PID:5856
- C:\Windows\System\OBswcXX.exe
  C:\Windows\System\OBswcXX.exe
  2⤵
  PID:5884
- C:\Windows\System\aVSqXbJ.exe
  C:\Windows\System\aVSqXbJ.exe
  2⤵
  PID:5912
- C:\Windows\System\TTYCbHo.exe
  C:\Windows\System\TTYCbHo.exe
  2⤵
  PID:5940
- C:\Windows\System\OdBefpI.exe
  C:\Windows\System\OdBefpI.exe
  2⤵
  PID:5968
- C:\Windows\System\JJaOVKf.exe
  C:\Windows\System\JJaOVKf.exe
  2⤵
  PID:5996
- C:\Windows\System\YEFoanD.exe
  C:\Windows\System\YEFoanD.exe
  2⤵
  PID:6024
- C:\Windows\System\AUJMrAG.exe
  C:\Windows\System\AUJMrAG.exe
  2⤵
  PID:6052
- C:\Windows\System\mbQFqbC.exe
  C:\Windows\System\mbQFqbC.exe
  2⤵
  PID:6080
- C:\Windows\System\CMSnFuL.exe
  C:\Windows\System\CMSnFuL.exe
  2⤵
  PID:6108
- C:\Windows\System\WkqeoYd.exe
  C:\Windows\System\WkqeoYd.exe
  2⤵
  PID:6136
- C:\Windows\System\vmLhNsO.exe
  C:\Windows\System\vmLhNsO.exe
  2⤵
  PID:3120
- C:\Windows\System\lTCllKW.exe
  C:\Windows\System\lTCllKW.exe
  2⤵
  PID:5196
- C:\Windows\System\THUJIKm.exe
  C:\Windows\System\THUJIKm.exe
  2⤵
  PID:5232
- C:\Windows\System\orewFLy.exe
  C:\Windows\System\orewFLy.exe
  2⤵
  PID:5396
- C:\Windows\System\GSoFzyM.exe
  C:\Windows\System\GSoFzyM.exe
  2⤵
  PID:5476
- C:\Windows\System\ePcCcYu.exe
  C:\Windows\System\ePcCcYu.exe
  2⤵
  PID:1860
- C:\Windows\System\AEpjkqC.exe
  C:\Windows\System\AEpjkqC.exe
  2⤵
  PID:5644
- C:\Windows\System\mXjDujh.exe
  C:\Windows\System\mXjDujh.exe
  2⤵
  PID:5680
- C:\Windows\System\ApPnFXD.exe
  C:\Windows\System\ApPnFXD.exe
  2⤵
  PID:5732
- C:\Windows\System\IxMQJaG.exe
  C:\Windows\System\IxMQJaG.exe
  2⤵
  PID:5796
- C:\Windows\System\DANEsuY.exe
  C:\Windows\System\DANEsuY.exe
  2⤵
  PID:5896
- C:\Windows\System\NjbFmtz.exe
  C:\Windows\System\NjbFmtz.exe
  2⤵
  PID:5952
- C:\Windows\System\NSgdzpR.exe
  C:\Windows\System\NSgdzpR.exe
  2⤵
  PID:5988
- C:\Windows\System\hEuVobV.exe
  C:\Windows\System\hEuVobV.exe
  2⤵
  PID:6044
- C:\Windows\System\rIyDfpt.exe
  C:\Windows\System\rIyDfpt.exe
  2⤵
  PID:6128
- C:\Windows\System\ZCPnWsJ.exe
  C:\Windows\System\ZCPnWsJ.exe
  2⤵
  PID:5124
- C:\Windows\System\oLvRKeB.exe
  C:\Windows\System\oLvRKeB.exe
  2⤵
  PID:5304
- C:\Windows\System\WRVHqLJ.exe
  C:\Windows\System\WRVHqLJ.exe
  2⤵
  PID:4764
- C:\Windows\System\dNPOUzm.exe
  C:\Windows\System\dNPOUzm.exe
  2⤵
  PID:3516
- C:\Windows\System\lTbNBuZ.exe
  C:\Windows\System\lTbNBuZ.exe
  2⤵
  PID:2396
- C:\Windows\System\rplybHx.exe
  C:\Windows\System\rplybHx.exe
  2⤵
  PID:2896
- C:\Windows\System\sHWEMgQ.exe
  C:\Windows\System\sHWEMgQ.exe
  2⤵
  PID:4528
- C:\Windows\System\ESpjjgx.exe
  C:\Windows\System\ESpjjgx.exe
  2⤵
  PID:5484
- C:\Windows\System\JVxPOsK.exe
  C:\Windows\System\JVxPOsK.exe
  2⤵
  PID:5620
- C:\Windows\System\jDeygoK.exe
  C:\Windows\System\jDeygoK.exe
  2⤵
  PID:5828
- C:\Windows\System\osWsdMZ.exe
  C:\Windows\System\osWsdMZ.exe
  2⤵
  PID:5928
- C:\Windows\System\yjwiRXM.exe
  C:\Windows\System\yjwiRXM.exe
  2⤵
  PID:6100
- C:\Windows\System\RWGCGJR.exe
  C:\Windows\System\RWGCGJR.exe
  2⤵
  PID:5160
- C:\Windows\System\eWVlcQX.exe
  C:\Windows\System\eWVlcQX.exe
  2⤵
  PID:1616
- C:\Windows\System\hSDrSei.exe
  C:\Windows\System\hSDrSei.exe
  2⤵
  PID:3508
- C:\Windows\System\HjgTBrR.exe
  C:\Windows\System\HjgTBrR.exe
  2⤵
  PID:4940
- C:\Windows\System\nEefNlX.exe
  C:\Windows\System\nEefNlX.exe
  2⤵
  PID:5900
- C:\Windows\System\GrQptbo.exe
  C:\Windows\System\GrQptbo.exe
  2⤵
  PID:2904
- C:\Windows\System\HuznpvN.exe
  C:\Windows\System\HuznpvN.exe
  2⤵
  PID:1352
- C:\Windows\System\MWahTBd.exe
  C:\Windows\System\MWahTBd.exe
  2⤵
  PID:5792
- C:\Windows\System\QtXoSmc.exe
  C:\Windows\System\QtXoSmc.exe
  2⤵
  PID:1728
- C:\Windows\System\jHifOnH.exe
  C:\Windows\System\jHifOnH.exe
  2⤵
  PID:5424
- C:\Windows\System\eDALNPN.exe
  C:\Windows\System\eDALNPN.exe
  2⤵
  PID:6172
- C:\Windows\System\uRPmbur.exe
  C:\Windows\System\uRPmbur.exe
  2⤵
  PID:6200
- C:\Windows\System\qPbphcA.exe
  C:\Windows\System\qPbphcA.exe
  2⤵
  PID:6228
- C:\Windows\System\DEwsCrp.exe
  C:\Windows\System\DEwsCrp.exe
  2⤵
  PID:6260
- C:\Windows\System\gzhphkG.exe
  C:\Windows\System\gzhphkG.exe
  2⤵
  PID:6288
- C:\Windows\System\ymwKljF.exe
  C:\Windows\System\ymwKljF.exe
  2⤵
  PID:6316
- C:\Windows\System\tVBrCLB.exe
  C:\Windows\System\tVBrCLB.exe
  2⤵
  PID:6376
- C:\Windows\System\nzdVoTW.exe
  C:\Windows\System\nzdVoTW.exe
  2⤵
  PID:6404
- C:\Windows\System\WOiuHzQ.exe
  C:\Windows\System\WOiuHzQ.exe
  2⤵
  PID:6436
- C:\Windows\System\xPpqUMq.exe
  C:\Windows\System\xPpqUMq.exe
  2⤵
  PID:6472
- C:\Windows\System\WIXXnva.exe
  C:\Windows\System\WIXXnva.exe
  2⤵
  PID:6508
- C:\Windows\System\OlTDQYn.exe
  C:\Windows\System\OlTDQYn.exe
  2⤵
  PID:6532
- C:\Windows\System\GxyKhkT.exe
  C:\Windows\System\GxyKhkT.exe
  2⤵
  PID:6564
- C:\Windows\System\BQRffdX.exe
  C:\Windows\System\BQRffdX.exe
  2⤵
  PID:6588
- C:\Windows\System\MKgadex.exe
  C:\Windows\System\MKgadex.exe
  2⤵
  PID:6620
- C:\Windows\System\CxSroql.exe
  C:\Windows\System\CxSroql.exe
  2⤵
  PID:6680
- C:\Windows\System\PVKztdg.exe
  C:\Windows\System\PVKztdg.exe
  2⤵
  PID:6740
- C:\Windows\System\fqKUiGL.exe
  C:\Windows\System\fqKUiGL.exe
  2⤵
  PID:6820
- C:\Windows\System\maRriWP.exe
  C:\Windows\System\maRriWP.exe
  2⤵
  PID:6848
- C:\Windows\System\BkZOvdP.exe
  C:\Windows\System\BkZOvdP.exe
  2⤵
  PID:6892
- C:\Windows\System\OdDnAIC.exe
  C:\Windows\System\OdDnAIC.exe
  2⤵
  PID:6928
- C:\Windows\System\bFdxFwG.exe
  C:\Windows\System\bFdxFwG.exe
  2⤵
  PID:6964
- C:\Windows\System\HrCIrzD.exe
  C:\Windows\System\HrCIrzD.exe
  2⤵
  PID:7000
- C:\Windows\System\ruPWQIU.exe
  C:\Windows\System\ruPWQIU.exe
  2⤵
  PID:7052
- C:\Windows\System\fpUDCuA.exe
  C:\Windows\System\fpUDCuA.exe
  2⤵
  PID:7088
- C:\Windows\System\niaqzRc.exe
  C:\Windows\System\niaqzRc.exe
  2⤵
  PID:7112
- C:\Windows\System\dVDTvDX.exe
  C:\Windows\System\dVDTvDX.exe
  2⤵
  PID:7144
- C:\Windows\System\JcFjpgQ.exe
  C:\Windows\System\JcFjpgQ.exe
  2⤵
  PID:6156
- C:\Windows\System\ImviMYY.exe
  C:\Windows\System\ImviMYY.exe
  2⤵
  PID:6212
- C:\Windows\System\FmhMort.exe
  C:\Windows\System\FmhMort.exe
  2⤵
  PID:6268
- C:\Windows\System\RedSNEn.exe
  C:\Windows\System\RedSNEn.exe
  2⤵
  PID:2588
- C:\Windows\System\DVdJMXr.exe
  C:\Windows\System\DVdJMXr.exe
  2⤵
  PID:6384
- C:\Windows\System\UtWUNPJ.exe
  C:\Windows\System\UtWUNPJ.exe
  2⤵
  PID:6480
- C:\Windows\System\ygvxESS.exe
  C:\Windows\System\ygvxESS.exe
  2⤵
  PID:6524
- C:\Windows\System\cmsBXfq.exe
  C:\Windows\System\cmsBXfq.exe
  2⤵
  PID:6580
- C:\Windows\System\yePmWAC.exe
  C:\Windows\System\yePmWAC.exe
  2⤵
  PID:6648
- C:\Windows\System\DaFlldb.exe
  C:\Windows\System\DaFlldb.exe
  2⤵
  PID:6832
- C:\Windows\System\yawUclw.exe
  C:\Windows\System\yawUclw.exe
  2⤵
  PID:6912
- C:\Windows\System\tVNANkx.exe
  C:\Windows\System\tVNANkx.exe
  2⤵
  PID:2288
- C:\Windows\System\yAvCPsd.exe
  C:\Windows\System\yAvCPsd.exe
  2⤵
  PID:1596
- C:\Windows\System\LhWXzIN.exe
  C:\Windows\System\LhWXzIN.exe
  2⤵
  PID:7068
- C:\Windows\System\KbkJYnz.exe
  C:\Windows\System\KbkJYnz.exe
  2⤵
  PID:7016
- C:\Windows\System\TjuNoOq.exe
  C:\Windows\System\TjuNoOq.exe
  2⤵
  PID:7008
- C:\Windows\System\hJcVpsa.exe
  C:\Windows\System\hJcVpsa.exe
  2⤵
  PID:6148
- C:\Windows\System\PNXDtkG.exe
  C:\Windows\System\PNXDtkG.exe
  2⤵
  PID:5768
- C:\Windows\System\ITFNqhj.exe
  C:\Windows\System\ITFNqhj.exe
  2⤵
  PID:2016
- C:\Windows\System\drYCgSU.exe
  C:\Windows\System\drYCgSU.exe
  2⤵
  PID:6516
- C:\Windows\System\CcjIuul.exe
  C:\Windows\System\CcjIuul.exe
  2⤵
  PID:6496
- C:\Windows\System\nzANCQk.exe
  C:\Windows\System\nzANCQk.exe
  2⤵
  PID:6924
- C:\Windows\System\eImOjZh.exe
  C:\Windows\System\eImOjZh.exe
  2⤵
  PID:7032
- C:\Windows\System\jUhHvYK.exe
  C:\Windows\System\jUhHvYK.exe
  2⤵
  PID:7124
- C:\Windows\System\cmsasSi.exe
  C:\Windows\System\cmsasSi.exe
  2⤵
  PID:6220
- C:\Windows\System\dNsfLVD.exe
  C:\Windows\System\dNsfLVD.exe
  2⤵
  PID:6240
- C:\Windows\System\zDZjpvH.exe
  C:\Windows\System\zDZjpvH.exe
  2⤵
  PID:4316
- C:\Windows\System\FiqYxgy.exe
  C:\Windows\System\FiqYxgy.exe
  2⤵
  PID:4524
- C:\Windows\System\rXFTppo.exe
  C:\Windows\System\rXFTppo.exe
  2⤵
  PID:7024
- C:\Windows\System\DbaAdZZ.exe
  C:\Windows\System\DbaAdZZ.exe
  2⤵
  PID:1836
- C:\Windows\System\DVdWCKU.exe
  C:\Windows\System\DVdWCKU.exe
  2⤵
  PID:7200
- C:\Windows\System\OKtxkOx.exe
  C:\Windows\System\OKtxkOx.exe
  2⤵
  PID:7216
- C:\Windows\System\QiJsSxR.exe
  C:\Windows\System\QiJsSxR.exe
  2⤵
  PID:7244
- C:\Windows\System\BUNMIdy.exe
  C:\Windows\System\BUNMIdy.exe
  2⤵
  PID:7268
- C:\Windows\System\rATmCpe.exe
  C:\Windows\System\rATmCpe.exe
  2⤵
  PID:7296
- C:\Windows\System\MwQmqjT.exe
  C:\Windows\System\MwQmqjT.exe
  2⤵
  PID:7328
- C:\Windows\System\mXzWJOS.exe
  C:\Windows\System\mXzWJOS.exe
  2⤵
  PID:7356
- C:\Windows\System\rWNZIAQ.exe
  C:\Windows\System\rWNZIAQ.exe
  2⤵
  PID:7388
- C:\Windows\System\FbgGlKU.exe
  C:\Windows\System\FbgGlKU.exe
  2⤵
  PID:7424
- C:\Windows\System\lgkqVUi.exe
  C:\Windows\System\lgkqVUi.exe
  2⤵
  PID:7472
- C:\Windows\System\UjZSOvp.exe
  C:\Windows\System\UjZSOvp.exe
  2⤵
  PID:7512
- C:\Windows\System\xiuEvGr.exe
  C:\Windows\System\xiuEvGr.exe
  2⤵
  PID:7548
- C:\Windows\System\gEhGOLg.exe
  C:\Windows\System\gEhGOLg.exe
  2⤵
  PID:7576
- C:\Windows\System\reyHnYH.exe
  C:\Windows\System\reyHnYH.exe
  2⤵
  PID:7620
- C:\Windows\System\GRyWMbN.exe
  C:\Windows\System\GRyWMbN.exe
  2⤵
  PID:7652
- C:\Windows\System\qlDPIIu.exe
  C:\Windows\System\qlDPIIu.exe
  2⤵
  PID:7700
- C:\Windows\System\HpxYMXc.exe
  C:\Windows\System\HpxYMXc.exe
  2⤵
  PID:7732
- C:\Windows\System\IqIimbG.exe
  C:\Windows\System\IqIimbG.exe
  2⤵
  PID:7768
- C:\Windows\System\CzqXBoz.exe
  C:\Windows\System\CzqXBoz.exe
  2⤵
  PID:7800
- C:\Windows\System\yEeRjda.exe
  C:\Windows\System\yEeRjda.exe
  2⤵
  PID:7816
- C:\Windows\System\SQvBwzd.exe
  C:\Windows\System\SQvBwzd.exe
  2⤵
  PID:7844
- C:\Windows\System\eOWnLmm.exe
  C:\Windows\System\eOWnLmm.exe
  2⤵
  PID:7864
- C:\Windows\System\mtUbpsm.exe
  C:\Windows\System\mtUbpsm.exe
  2⤵
  PID:7896
- C:\Windows\System\CNKFQlE.exe
  C:\Windows\System\CNKFQlE.exe
  2⤵
  PID:7944
- C:\Windows\System\SpyMoZX.exe
  C:\Windows\System\SpyMoZX.exe
  2⤵
  PID:7964
- C:\Windows\System\NMRqaFN.exe
  C:\Windows\System\NMRqaFN.exe
  2⤵
  PID:8000
- C:\Windows\System\UBzBOzF.exe
  C:\Windows\System\UBzBOzF.exe
  2⤵
  PID:8036
- C:\Windows\System\EMojrXQ.exe
  C:\Windows\System\EMojrXQ.exe
  2⤵
  PID:8068
- C:\Windows\System\siZHiSL.exe
  C:\Windows\System\siZHiSL.exe
  2⤵
  PID:8096
- C:\Windows\System\XByEQVw.exe
  C:\Windows\System\XByEQVw.exe
  2⤵
  PID:8140
- C:\Windows\System\LqMkZhz.exe
  C:\Windows\System\LqMkZhz.exe
  2⤵
  PID:8164
- C:\Windows\System\zYPrnRl.exe
  C:\Windows\System\zYPrnRl.exe
  2⤵
  PID:7180
- C:\Windows\System\xbxJMyV.exe
  C:\Windows\System\xbxJMyV.exe
  2⤵
  PID:7256
- C:\Windows\System\okxunmA.exe
  C:\Windows\System\okxunmA.exe
  2⤵
  PID:7324
- C:\Windows\System\qcEXfQh.exe
  C:\Windows\System\qcEXfQh.exe
  2⤵
  PID:7376
- C:\Windows\System\hoKODOX.exe
  C:\Windows\System\hoKODOX.exe
  2⤵
  PID:7492
- C:\Windows\System\uvWolXz.exe
  C:\Windows\System\uvWolXz.exe
  2⤵
  PID:6452
- C:\Windows\System\QdbUgxo.exe
  C:\Windows\System\QdbUgxo.exe
  2⤵
  PID:7528
- C:\Windows\System\zjFmdBT.exe
  C:\Windows\System\zjFmdBT.exe
  2⤵
  PID:7596
- C:\Windows\System\xZwPAdE.exe
  C:\Windows\System\xZwPAdE.exe
  2⤵
  PID:2776
- C:\Windows\System\bXQPwoU.exe
  C:\Windows\System\bXQPwoU.exe
  2⤵
  PID:7752
- C:\Windows\System\NShIWDt.exe
  C:\Windows\System\NShIWDt.exe
  2⤵
  PID:7828
- C:\Windows\System\sYArVdf.exe
  C:\Windows\System\sYArVdf.exe
  2⤵
  PID:7856
- C:\Windows\System\InoxFRQ.exe
  C:\Windows\System\InoxFRQ.exe
  2⤵
  PID:7952
- C:\Windows\System\YAQhPyu.exe
  C:\Windows\System\YAQhPyu.exe
  2⤵
  PID:7988
- C:\Windows\System\jjhWoUD.exe
  C:\Windows\System\jjhWoUD.exe
  2⤵
  PID:3564
- C:\Windows\System\cFubvRe.exe
  C:\Windows\System\cFubvRe.exe
  2⤵
  PID:4016
- C:\Windows\System\FSPAbLz.exe
  C:\Windows\System\FSPAbLz.exe
  2⤵
  PID:2536
- C:\Windows\System\PRpnIvn.exe
  C:\Windows\System\PRpnIvn.exe
  2⤵
  PID:8120
- C:\Windows\System\NptWEqu.exe
  C:\Windows\System\NptWEqu.exe
  2⤵
  PID:8172
- C:\Windows\System\uglXfdV.exe
  C:\Windows\System\uglXfdV.exe
  2⤵
  PID:7208
- C:\Windows\System\eApGPpv.exe
  C:\Windows\System\eApGPpv.exe
  2⤵
  PID:7348
- C:\Windows\System\IRsWmmS.exe
  C:\Windows\System\IRsWmmS.exe
  2⤵
  PID:6332
- C:\Windows\System\HHXTafX.exe
  C:\Windows\System\HHXTafX.exe
  2⤵
  PID:7612
- C:\Windows\System\DOMfoHD.exe
  C:\Windows\System\DOMfoHD.exe
  2⤵
  PID:7780
- C:\Windows\System\pgPkzWr.exe
  C:\Windows\System\pgPkzWr.exe
  2⤵
  PID:7904
- C:\Windows\System\ahhcanF.exe
  C:\Windows\System\ahhcanF.exe
  2⤵
  PID:3092
- C:\Windows\System\sMKZSys.exe
  C:\Windows\System\sMKZSys.exe
  2⤵
  PID:3740
- C:\Windows\System\UeaAdjt.exe
  C:\Windows\System\UeaAdjt.exe
  2⤵
  PID:8180
- C:\Windows\System\vacZlvd.exe
  C:\Windows\System\vacZlvd.exe
  2⤵
  PID:7420
- C:\Windows\System\sZrSDzE.exe
  C:\Windows\System\sZrSDzE.exe
  2⤵
  PID:7692
- C:\Windows\System\eKNKPIn.exe
  C:\Windows\System\eKNKPIn.exe
  2⤵
  PID:7984
- C:\Windows\System\CHblGqJ.exe
  C:\Windows\System\CHblGqJ.exe
  2⤵
  PID:8052
- C:\Windows\System\tFTDxHY.exe
  C:\Windows\System\tFTDxHY.exe
  2⤵
  PID:1504
- C:\Windows\System\gSWtIvg.exe
  C:\Windows\System\gSWtIvg.exe
  2⤵
  PID:7876
- C:\Windows\System\pRFlNPR.exe
  C:\Windows\System\pRFlNPR.exe
  2⤵
  PID:7284
- C:\Windows\System\pHStJSt.exe
  C:\Windows\System\pHStJSt.exe
  2⤵
  PID:8124
- C:\Windows\System\keeBvHD.exe
  C:\Windows\System\keeBvHD.exe
  2⤵
  PID:8204
- C:\Windows\System\ejBRyBR.exe
  C:\Windows\System\ejBRyBR.exe
  2⤵
  PID:8236
- C:\Windows\System\WCDgFhr.exe
  C:\Windows\System\WCDgFhr.exe
  2⤵
  PID:8264
- C:\Windows\System\GHqwHjj.exe
  C:\Windows\System\GHqwHjj.exe
  2⤵
  PID:8284
- C:\Windows\System\EKiiTYR.exe
  C:\Windows\System\EKiiTYR.exe
  2⤵
  PID:8320
- C:\Windows\System\fkkreeJ.exe
  C:\Windows\System\fkkreeJ.exe
  2⤵
  PID:8344
- C:\Windows\System\UPNAyrK.exe
  C:\Windows\System\UPNAyrK.exe
  2⤵
  PID:8368
- C:\Windows\System\YsOezDc.exe
  C:\Windows\System\YsOezDc.exe
  2⤵
  PID:8408
- C:\Windows\System\qsMqFoI.exe
  C:\Windows\System\qsMqFoI.exe
  2⤵
  PID:8432
- C:\Windows\System\aGnMqSB.exe
  C:\Windows\System\aGnMqSB.exe
  2⤵
  PID:8460
- C:\Windows\System\ZByULHh.exe
  C:\Windows\System\ZByULHh.exe
  2⤵
  PID:8488
- C:\Windows\System\POaGsEU.exe
  C:\Windows\System\POaGsEU.exe
  2⤵
  PID:8516
- C:\Windows\System\OJsLzjy.exe
  C:\Windows\System\OJsLzjy.exe
  2⤵
  PID:8544
- C:\Windows\System\fazbkXx.exe
  C:\Windows\System\fazbkXx.exe
  2⤵
  PID:8572
- C:\Windows\System\OMOoGZV.exe
  C:\Windows\System\OMOoGZV.exe
  2⤵
  PID:8600
- C:\Windows\System\jfhSniG.exe
  C:\Windows\System\jfhSniG.exe
  2⤵
  PID:8628
- C:\Windows\System\ojwtRrp.exe
  C:\Windows\System\ojwtRrp.exe
  2⤵
  PID:8656
- C:\Windows\System\wRyZzzK.exe
  C:\Windows\System\wRyZzzK.exe
  2⤵
  PID:8680
- C:\Windows\System\ORjIBTY.exe
  C:\Windows\System\ORjIBTY.exe
  2⤵
  PID:8712
- C:\Windows\System\QZAchTX.exe
  C:\Windows\System\QZAchTX.exe
  2⤵
  PID:8740
- C:\Windows\System\kSPFGpi.exe
  C:\Windows\System\kSPFGpi.exe
  2⤵
  PID:8772
- C:\Windows\System\nYgRleH.exe
  C:\Windows\System\nYgRleH.exe
  2⤵
  PID:8800
- C:\Windows\System\wDqnwrZ.exe
  C:\Windows\System\wDqnwrZ.exe
  2⤵
  PID:8828
- C:\Windows\System\GseGGwl.exe
  C:\Windows\System\GseGGwl.exe
  2⤵
  PID:8860
- C:\Windows\System\fegMLEW.exe
  C:\Windows\System\fegMLEW.exe
  2⤵
  PID:8884
- C:\Windows\System\hwZrgyE.exe
  C:\Windows\System\hwZrgyE.exe
  2⤵
  PID:8912
- C:\Windows\System\xKYNgLm.exe
  C:\Windows\System\xKYNgLm.exe
  2⤵
  PID:8936
- C:\Windows\System\kKQOesm.exe
  C:\Windows\System\kKQOesm.exe
  2⤵
  PID:8968
- C:\Windows\System\aIsZzjh.exe
  C:\Windows\System\aIsZzjh.exe
  2⤵
  PID:9000
- C:\Windows\System\VYHYFTT.exe
  C:\Windows\System\VYHYFTT.exe
  2⤵
  PID:9028
- C:\Windows\System\PwfURkg.exe
  C:\Windows\System\PwfURkg.exe
  2⤵
  PID:9060
- C:\Windows\System\IRDuOWB.exe
  C:\Windows\System\IRDuOWB.exe
  2⤵
  PID:9080
- C:\Windows\System\bZZbOhG.exe
  C:\Windows\System\bZZbOhG.exe
  2⤵
  PID:9116
- C:\Windows\System\LMsKcvf.exe
  C:\Windows\System\LMsKcvf.exe
  2⤵
  PID:9144
- C:\Windows\System\VnPerMK.exe
  C:\Windows\System\VnPerMK.exe
  2⤵
  PID:9172
- C:\Windows\System\cEwOxkA.exe
  C:\Windows\System\cEwOxkA.exe
  2⤵
  PID:9200
- C:\Windows\System\WGYJZrQ.exe
  C:\Windows\System\WGYJZrQ.exe
  2⤵
  PID:8220
- C:\Windows\System\JxjSLTR.exe
  C:\Windows\System\JxjSLTR.exe
  2⤵
  PID:8280
- C:\Windows\System\eTviOpS.exe
  C:\Windows\System\eTviOpS.exe
  2⤵
  PID:8336
- C:\Windows\System\qDSHdIX.exe
  C:\Windows\System\qDSHdIX.exe
  2⤵
  PID:8404
- C:\Windows\System\viSWAni.exe
  C:\Windows\System\viSWAni.exe
  2⤵
  PID:8472
- C:\Windows\System\aHMUXXH.exe
  C:\Windows\System\aHMUXXH.exe
  2⤵
  PID:8532
- C:\Windows\System\uQYkati.exe
  C:\Windows\System\uQYkati.exe
  2⤵
  PID:8588
- C:\Windows\System\sWHInub.exe
  C:\Windows\System\sWHInub.exe
  2⤵
  PID:8668
- C:\Windows\System\HpNmIih.exe
  C:\Windows\System\HpNmIih.exe
  2⤵
  PID:8728
- C:\Windows\System\WqICIAj.exe
  C:\Windows\System\WqICIAj.exe
  2⤵
  PID:8788
- C:\Windows\System\iAeYNas.exe
  C:\Windows\System\iAeYNas.exe
  2⤵
  PID:8840
- C:\Windows\System\yISTBJY.exe
  C:\Windows\System\yISTBJY.exe
  2⤵
  PID:8924
- C:\Windows\System\TClWcsY.exe
  C:\Windows\System\TClWcsY.exe
  2⤵
  PID:8984
- C:\Windows\System\qdnVDet.exe
  C:\Windows\System\qdnVDet.exe
  2⤵
  PID:9076
- C:\Windows\System\WRBBAQj.exe
  C:\Windows\System\WRBBAQj.exe
  2⤵
  PID:9152
- C:\Windows\System\dLnWXUJ.exe
  C:\Windows\System\dLnWXUJ.exe
  2⤵
  PID:9212
- C:\Windows\System\HWPhpnM.exe
  C:\Windows\System\HWPhpnM.exe
  2⤵
  PID:8328
- C:\Windows\System\EJDypyG.exe
  C:\Windows\System\EJDypyG.exe
  2⤵
  PID:8496
- C:\Windows\System\BmDhDbC.exe
  C:\Windows\System\BmDhDbC.exe
  2⤵
  PID:8636
- C:\Windows\System\UjtocQf.exe
  C:\Windows\System\UjtocQf.exe
  2⤵
  PID:8780
- C:\Windows\System\nZDcmrg.exe
  C:\Windows\System\nZDcmrg.exe
  2⤵
  PID:8892
- C:\Windows\System\VPybaVT.exe
  C:\Windows\System\VPybaVT.exe
  2⤵
  PID:9036
- C:\Windows\System\FNjFmJl.exe
  C:\Windows\System\FNjFmJl.exe
  2⤵
  PID:8248
- C:\Windows\System\WrMjSBP.exe
  C:\Windows\System\WrMjSBP.exe
  2⤵
  PID:8580
- C:\Windows\System\jvnsvRp.exe
  C:\Windows\System\jvnsvRp.exe
  2⤵
  PID:8952
- C:\Windows\System\DxpsERg.exe
  C:\Windows\System\DxpsERg.exe
  2⤵
  PID:9180
- C:\Windows\System\DFSjEWc.exe
  C:\Windows\System\DFSjEWc.exe
  2⤵
  PID:9012
- C:\Windows\System\ysjBlZk.exe
  C:\Windows\System\ysjBlZk.exe
  2⤵
  PID:9224
- C:\Windows\System\Zfyexnt.exe
  C:\Windows\System\Zfyexnt.exe
  2⤵
  PID:9244
- C:\Windows\System\VHDvocq.exe
  C:\Windows\System\VHDvocq.exe
  2⤵
  PID:9280
- C:\Windows\System\NjFaYwj.exe
  C:\Windows\System\NjFaYwj.exe
  2⤵
  PID:9308
- C:\Windows\System\wCArKVg.exe
  C:\Windows\System\wCArKVg.exe
  2⤵
  PID:9336
- C:\Windows\System\lUbwpnF.exe
  C:\Windows\System\lUbwpnF.exe
  2⤵
  PID:9376
- C:\Windows\System\msfvnLQ.exe
  C:\Windows\System\msfvnLQ.exe
  2⤵
  PID:9412
- C:\Windows\System\rHjdBBN.exe
  C:\Windows\System\rHjdBBN.exe
  2⤵
  PID:9444
- C:\Windows\System\cpMZXuZ.exe
  C:\Windows\System\cpMZXuZ.exe
  2⤵
  PID:9476
- C:\Windows\System\yCmBqYi.exe
  C:\Windows\System\yCmBqYi.exe
  2⤵
  PID:9504
- C:\Windows\System\PyKFygq.exe
  C:\Windows\System\PyKFygq.exe
  2⤵
  PID:9524
- C:\Windows\System\ujooTqE.exe
  C:\Windows\System\ujooTqE.exe
  2⤵
  PID:9560
- C:\Windows\System\quJTQiA.exe
  C:\Windows\System\quJTQiA.exe
  2⤵
  PID:9588
- C:\Windows\System\VKSVLhg.exe
  C:\Windows\System\VKSVLhg.exe
  2⤵
  PID:9616
- C:\Windows\System\ELsNExs.exe
  C:\Windows\System\ELsNExs.exe
  2⤵
  PID:9644
- C:\Windows\System\rwtkgOq.exe
  C:\Windows\System\rwtkgOq.exe
  2⤵
  PID:9672
- C:\Windows\System\qkdTyUz.exe
  C:\Windows\System\qkdTyUz.exe
  2⤵
  PID:9700
- C:\Windows\System\DYpVCnN.exe
  C:\Windows\System\DYpVCnN.exe
  2⤵
  PID:9728
- C:\Windows\System\komjfLh.exe
  C:\Windows\System\komjfLh.exe
  2⤵
  PID:9756
- C:\Windows\System\sPmtTie.exe
  C:\Windows\System\sPmtTie.exe
  2⤵
  PID:9784
- C:\Windows\System\TDKRVbq.exe
  C:\Windows\System\TDKRVbq.exe
  2⤵
  PID:9804
- C:\Windows\System\ZVVopEO.exe
  C:\Windows\System\ZVVopEO.exe
  2⤵
  PID:9840
- C:\Windows\System\FFOlKMV.exe
  C:\Windows\System\FFOlKMV.exe
  2⤵
  PID:9860
- C:\Windows\System\irMfDYX.exe
  C:\Windows\System\irMfDYX.exe
  2⤵
  PID:9896
- C:\Windows\System\rIlJvYs.exe
  C:\Windows\System\rIlJvYs.exe
  2⤵
  PID:9924
- C:\Windows\System\kzqtOOu.exe
  C:\Windows\System\kzqtOOu.exe
  2⤵
  PID:9952
- C:\Windows\System\hnSJAqL.exe
  C:\Windows\System\hnSJAqL.exe
  2⤵
  PID:9984
- C:\Windows\System\lSdFIjA.exe
  C:\Windows\System\lSdFIjA.exe
  2⤵
  PID:10008
- C:\Windows\System\kBeQSHe.exe
  C:\Windows\System\kBeQSHe.exe
  2⤵
  PID:10036
- C:\Windows\System\GGlJHAH.exe
  C:\Windows\System\GGlJHAH.exe
  2⤵
  PID:10060
- C:\Windows\System\bnjjCCe.exe
  C:\Windows\System\bnjjCCe.exe
  2⤵
  PID:10092
- C:\Windows\System\BlBrxFC.exe
  C:\Windows\System\BlBrxFC.exe
  2⤵
  PID:10124
- C:\Windows\System\UjziTcD.exe
  C:\Windows\System\UjziTcD.exe
  2⤵
  PID:10152
- C:\Windows\System\PulMYKm.exe
  C:\Windows\System\PulMYKm.exe
  2⤵
  PID:10180
- C:\Windows\System\ArvLFZi.exe
  C:\Windows\System\ArvLFZi.exe
  2⤵
  PID:10208
- C:\Windows\System\bwLUuXN.exe
  C:\Windows\System\bwLUuXN.exe
  2⤵
  PID:10236
- C:\Windows\System\PcZPNpq.exe
  C:\Windows\System\PcZPNpq.exe
  2⤵
  PID:9268
- C:\Windows\System\WoMUTcU.exe
  C:\Windows\System\WoMUTcU.exe
  2⤵
  PID:9316
- C:\Windows\System\ljJoCXQ.exe
  C:\Windows\System\ljJoCXQ.exe
  2⤵
  PID:9392
- C:\Windows\System\yeyiErj.exe
  C:\Windows\System\yeyiErj.exe
  2⤵
  PID:9456
- C:\Windows\System\UnUcTzq.exe
  C:\Windows\System\UnUcTzq.exe
  2⤵
  PID:9536
- C:\Windows\System\ThDnjdM.exe
  C:\Windows\System\ThDnjdM.exe
  2⤵
  PID:9624
- C:\Windows\System\bYNCMSa.exe
  C:\Windows\System\bYNCMSa.exe
  2⤵
  PID:9680
- C:\Windows\System\oYGTcvZ.exe
  C:\Windows\System\oYGTcvZ.exe
  2⤵
  PID:9744
- C:\Windows\System\elLhWxu.exe
  C:\Windows\System\elLhWxu.exe
  2⤵
  PID:9824
- C:\Windows\System\EsfLosd.exe
  C:\Windows\System\EsfLosd.exe
  2⤵
  PID:9880
- C:\Windows\System\OuCAYaM.exe
  C:\Windows\System\OuCAYaM.exe
  2⤵
  PID:9940
- C:\Windows\System\TQzdwVB.exe
  C:\Windows\System\TQzdwVB.exe
  2⤵
  PID:10024
- C:\Windows\System\FaMtSAw.exe
  C:\Windows\System\FaMtSAw.exe
  2⤵
  PID:10084
- C:\Windows\System\VrrOiAL.exe
  C:\Windows\System\VrrOiAL.exe
  2⤵
  PID:10160
- C:\Windows\System\hqXSmGN.exe
  C:\Windows\System\hqXSmGN.exe
  2⤵
  PID:10196
- C:\Windows\System\ybOyyvs.exe
  C:\Windows\System\ybOyyvs.exe
  2⤵
  PID:9072
- C:\Windows\System\FHVIdbL.exe
  C:\Windows\System\FHVIdbL.exe
  2⤵
  PID:9428
- C:\Windows\System\MNrkJAc.exe
  C:\Windows\System\MNrkJAc.exe
  2⤵
  PID:9484
- C:\Windows\System\PIgxsyY.exe
  C:\Windows\System\PIgxsyY.exe
  2⤵
  PID:3576
- C:\Windows\System\Vpdcdsy.exe
  C:\Windows\System\Vpdcdsy.exe
  2⤵
  PID:9736
- C:\Windows\System\fqdOgbH.exe
  C:\Windows\System\fqdOgbH.exe
  2⤵
  PID:9688
- C:\Windows\System\ZcArDLs.exe
  C:\Windows\System\ZcArDLs.exe
  2⤵
  PID:1980
- C:\Windows\System\RrFKfex.exe
  C:\Windows\System\RrFKfex.exe
  2⤵
  PID:9992
- C:\Windows\System\qmLrfTE.exe
  C:\Windows\System\qmLrfTE.exe
  2⤵
  PID:10168
- C:\Windows\System\UpzFSRR.exe
  C:\Windows\System\UpzFSRR.exe
  2⤵
  PID:9384
- C:\Windows\System\cnNwrpg.exe
  C:\Windows\System\cnNwrpg.exe
  2⤵
  PID:9636
- C:\Windows\System\kkXwJRp.exe
  C:\Windows\System\kkXwJRp.exe
  2⤵
  PID:4112
- C:\Windows\System\FHjnEpZ.exe
  C:\Windows\System\FHjnEpZ.exe
  2⤵
  PID:10112
- C:\Windows\System\vrCCzoN.exe
  C:\Windows\System\vrCCzoN.exe
  2⤵
  PID:9596
- C:\Windows\System\YGUzXob.exe
  C:\Windows\System\YGUzXob.exe
  2⤵
  PID:9240
- C:\Windows\System\MQCnjGn.exe
  C:\Windows\System\MQCnjGn.exe
  2⤵
  PID:9568
- C:\Windows\System\ioxdyQY.exe
  C:\Windows\System\ioxdyQY.exe
  2⤵
  PID:10260
- C:\Windows\System\QoYiAoq.exe
  C:\Windows\System\QoYiAoq.exe
  2⤵
  PID:10288
- C:\Windows\System\WmNlEBg.exe
  C:\Windows\System\WmNlEBg.exe
  2⤵
  PID:10320
- C:\Windows\System\yfkUMWO.exe
  C:\Windows\System\yfkUMWO.exe
  2⤵
  PID:10348
- C:\Windows\System\pkaoSHH.exe
  C:\Windows\System\pkaoSHH.exe
  2⤵
  PID:10380
- C:\Windows\System\HkPFXVx.exe
  C:\Windows\System\HkPFXVx.exe
  2⤵
  PID:10404
- C:\Windows\System\XqiQfhp.exe
  C:\Windows\System\XqiQfhp.exe
  2⤵
  PID:10432
- C:\Windows\System\BfxMRNR.exe
  C:\Windows\System\BfxMRNR.exe
  2⤵
  PID:10460
- C:\Windows\System\YpdRHvw.exe
  C:\Windows\System\YpdRHvw.exe
  2⤵
  PID:10488
- C:\Windows\System\jxulPKI.exe
  C:\Windows\System\jxulPKI.exe
  2⤵
  PID:10516
- C:\Windows\System\cQdRRum.exe
  C:\Windows\System\cQdRRum.exe
  2⤵
  PID:10544
- C:\Windows\System\LzDTnXn.exe
  C:\Windows\System\LzDTnXn.exe
  2⤵
  PID:10572
- C:\Windows\System\QdkKADj.exe
  C:\Windows\System\QdkKADj.exe
  2⤵
  PID:10600
- C:\Windows\System\WiVOklf.exe
  C:\Windows\System\WiVOklf.exe
  2⤵
  PID:10628
- C:\Windows\System\UhpRDrZ.exe
  C:\Windows\System\UhpRDrZ.exe
  2⤵
  PID:10656
- C:\Windows\System\ZPCrpuP.exe
  C:\Windows\System\ZPCrpuP.exe
  2⤵
  PID:10684
- C:\Windows\System\AMgXApZ.exe
  C:\Windows\System\AMgXApZ.exe
  2⤵
  PID:10712
- C:\Windows\System\UpPZhAJ.exe
  C:\Windows\System\UpPZhAJ.exe
  2⤵
  PID:10740
- C:\Windows\System\fBzQlqe.exe
  C:\Windows\System\fBzQlqe.exe
  2⤵
  PID:10768
- C:\Windows\System\luWGryr.exe
  C:\Windows\System\luWGryr.exe
  2⤵
  PID:10796
- C:\Windows\System\sgCEsMx.exe
  C:\Windows\System\sgCEsMx.exe
  2⤵
  PID:10824
- C:\Windows\System\UJlWmfW.exe
  C:\Windows\System\UJlWmfW.exe
  2⤵
  PID:10852
- C:\Windows\System\KHvytyW.exe
  C:\Windows\System\KHvytyW.exe
  2⤵
  PID:10880
- C:\Windows\System\pXvBGpk.exe
  C:\Windows\System\pXvBGpk.exe
  2⤵
  PID:10908
- C:\Windows\System\GVdOYoT.exe
  C:\Windows\System\GVdOYoT.exe
  2⤵
  PID:10936
- C:\Windows\System\wLTiGsj.exe
  C:\Windows\System\wLTiGsj.exe
  2⤵
  PID:10964
- C:\Windows\System\tgHUCkY.exe
  C:\Windows\System\tgHUCkY.exe
  2⤵
  PID:10992
- C:\Windows\System\yminmuR.exe
  C:\Windows\System\yminmuR.exe
  2⤵
  PID:11020
- C:\Windows\System\vDNMyqD.exe
  C:\Windows\System\vDNMyqD.exe
  2⤵
  PID:11048
- C:\Windows\System\VzgRaov.exe
  C:\Windows\System\VzgRaov.exe
  2⤵
  PID:11080
- C:\Windows\System\EpVKinr.exe
  C:\Windows\System\EpVKinr.exe
  2⤵
  PID:11108
- C:\Windows\System\YyWuTPY.exe
  C:\Windows\System\YyWuTPY.exe
  2⤵
  PID:11136
- C:\Windows\System\njYzooo.exe
  C:\Windows\System\njYzooo.exe
  2⤵
  PID:11164
- C:\Windows\System\nwBoRuQ.exe
  C:\Windows\System\nwBoRuQ.exe
  2⤵
  PID:11192
- C:\Windows\System\fzESrMx.exe
  C:\Windows\System\fzESrMx.exe
  2⤵
  PID:11220
- C:\Windows\System\WjWvIAz.exe
  C:\Windows\System\WjWvIAz.exe
  2⤵
  PID:11248
- C:\Windows\System\iNRgHsS.exe
  C:\Windows\System\iNRgHsS.exe
  2⤵
  PID:10280
- C:\Windows\System\BgvojkD.exe
  C:\Windows\System\BgvojkD.exe
  2⤵
  PID:10344
- C:\Windows\System\pLXkWwz.exe
  C:\Windows\System\pLXkWwz.exe
  2⤵
  PID:10420
- C:\Windows\System\oNPGsld.exe
  C:\Windows\System\oNPGsld.exe
  2⤵
  PID:10480
- C:\Windows\System\ifuahCN.exe
  C:\Windows\System\ifuahCN.exe
  2⤵
  PID:10540
- C:\Windows\System\FMNSlxQ.exe
  C:\Windows\System\FMNSlxQ.exe
  2⤵
  PID:10596
- C:\Windows\System\dpmqsFb.exe
  C:\Windows\System\dpmqsFb.exe
  2⤵
  PID:10672
- C:\Windows\System\wJXezBl.exe
  C:\Windows\System\wJXezBl.exe
  2⤵
  PID:10732
- C:\Windows\System\wOosIzk.exe
  C:\Windows\System\wOosIzk.exe
  2⤵
  PID:10792
- C:\Windows\System\xkHxkGc.exe
  C:\Windows\System\xkHxkGc.exe
  2⤵
  PID:10868
- C:\Windows\System\NjMPrNp.exe
  C:\Windows\System\NjMPrNp.exe
  2⤵
  PID:10920
- C:\Windows\System\bInlzYc.exe
  C:\Windows\System\bInlzYc.exe
  2⤵
  PID:10984
- C:\Windows\System\JEVPrjy.exe
  C:\Windows\System\JEVPrjy.exe
  2⤵
  PID:11044
- C:\Windows\System\DKFnCrO.exe
  C:\Windows\System\DKFnCrO.exe
  2⤵
  PID:11120
- C:\Windows\System\ZRHqqvv.exe
  C:\Windows\System\ZRHqqvv.exe
  2⤵
  PID:2144
- C:\Windows\System\jbfYCgK.exe
  C:\Windows\System\jbfYCgK.exe
  2⤵
  PID:11232
- C:\Windows\System\twzMRbA.exe
  C:\Windows\System\twzMRbA.exe
  2⤵
  PID:10252
- C:\Windows\System\KZtCeKa.exe
  C:\Windows\System\KZtCeKa.exe
  2⤵
  PID:10456
- C:\Windows\System\YOJKIJQ.exe
  C:\Windows\System\YOJKIJQ.exe
  2⤵
  PID:10592
- C:\Windows\System\FAJTqzm.exe
  C:\Windows\System\FAJTqzm.exe
  2⤵
  PID:10764
- C:\Windows\System\AbyaZez.exe
  C:\Windows\System\AbyaZez.exe
  2⤵
  PID:10904
- C:\Windows\System\kyRbaro.exe
  C:\Windows\System\kyRbaro.exe
  2⤵
  PID:11160
- C:\Windows\System\lZfRkJi.exe
  C:\Windows\System\lZfRkJi.exe
  2⤵
  PID:11260
- C:\Windows\System\iunvhNi.exe
  C:\Windows\System\iunvhNi.exe
  2⤵
  PID:10708
- C:\Windows\System\jxASGry.exe
  C:\Windows\System\jxASGry.exe
  2⤵
  PID:10900
- C:\Windows\System\rnNumnt.exe
  C:\Windows\System\rnNumnt.exe
  2⤵
  PID:11148
- C:\Windows\System\kJpUNOy.exe
  C:\Windows\System\kJpUNOy.exe
  2⤵
  PID:10340
- C:\Windows\System\eWSQxXC.exe
  C:\Windows\System\eWSQxXC.exe
  2⤵
  PID:10844
- C:\Windows\System\lvUfcKy.exe
  C:\Windows\System\lvUfcKy.exe
  2⤵
  PID:1916
- C:\Windows\System\txwJVsI.exe
  C:\Windows\System\txwJVsI.exe
  2⤵
  PID:3352
- C:\Windows\System\SywUlDV.exe
  C:\Windows\System\SywUlDV.exe
  2⤵
  PID:336
- C:\Windows\System\QpcRMKq.exe
  C:\Windows\System\QpcRMKq.exe
  2⤵
  PID:11292
- C:\Windows\System\zWWdgLH.exe
  C:\Windows\System\zWWdgLH.exe
  2⤵
  PID:11320
- C:\Windows\System\SbKYGiE.exe
  C:\Windows\System\SbKYGiE.exe
  2⤵
  PID:11348
- C:\Windows\System\tqFTAnY.exe
  C:\Windows\System\tqFTAnY.exe
  2⤵
  PID:11376
- C:\Windows\System\FilkBiy.exe
  C:\Windows\System\FilkBiy.exe
  2⤵
  PID:11404
- C:\Windows\System\LJpBOoN.exe
  C:\Windows\System\LJpBOoN.exe
  2⤵
  PID:11432
- C:\Windows\System\NzSCRuC.exe
  C:\Windows\System\NzSCRuC.exe
  2⤵
  PID:11460
- C:\Windows\System\nwkHVTx.exe
  C:\Windows\System\nwkHVTx.exe
  2⤵
  PID:11488
- C:\Windows\System\kOhKaTT.exe
  C:\Windows\System\kOhKaTT.exe
  2⤵
  PID:11516
- C:\Windows\System\QDsGpmF.exe
  C:\Windows\System\QDsGpmF.exe
  2⤵
  PID:11544
- C:\Windows\System\ZVmsSZq.exe
  C:\Windows\System\ZVmsSZq.exe
  2⤵
  PID:11572
- C:\Windows\System\DgQGosH.exe
  C:\Windows\System\DgQGosH.exe
  2⤵
  PID:11600
- C:\Windows\System\RsuBIow.exe
  C:\Windows\System\RsuBIow.exe
  2⤵
  PID:11628
- C:\Windows\System\xBVEBCZ.exe
  C:\Windows\System\xBVEBCZ.exe
  2⤵
  PID:11656
- C:\Windows\System\zmzWUnI.exe
  C:\Windows\System\zmzWUnI.exe
  2⤵
  PID:11684
- C:\Windows\System\HmmunzM.exe
  C:\Windows\System\HmmunzM.exe
  2⤵
  PID:11712
- C:\Windows\System\iqozvSx.exe
  C:\Windows\System\iqozvSx.exe
  2⤵
  PID:11740
- C:\Windows\System\ySUoHno.exe
  C:\Windows\System\ySUoHno.exe
  2⤵
  PID:11768
- C:\Windows\System\xLBhvBq.exe
  C:\Windows\System\xLBhvBq.exe
  2⤵
  PID:11796
- C:\Windows\System\mPuznCe.exe
  C:\Windows\System\mPuznCe.exe
  2⤵
  PID:11824
- C:\Windows\System\xtlEmnA.exe
  C:\Windows\System\xtlEmnA.exe
  2⤵
  PID:11852
- C:\Windows\System\OkHHviT.exe
  C:\Windows\System\OkHHviT.exe
  2⤵
  PID:11880
- C:\Windows\System\rcWkqOY.exe
  C:\Windows\System\rcWkqOY.exe
  2⤵
  PID:11908
- C:\Windows\System\Xolkmcn.exe
  C:\Windows\System\Xolkmcn.exe
  2⤵
  PID:11936
- C:\Windows\System\DjYueud.exe
  C:\Windows\System\DjYueud.exe
  2⤵
  PID:11964
- C:\Windows\System\USFMAtO.exe
  C:\Windows\System\USFMAtO.exe
  2⤵
  PID:11992
- C:\Windows\System\dnNZKYL.exe
  C:\Windows\System\dnNZKYL.exe
  2⤵
  PID:12024
- C:\Windows\System\PDXnwac.exe
  C:\Windows\System\PDXnwac.exe
  2⤵
  PID:12052
- C:\Windows\System\YfKXXYk.exe
  C:\Windows\System\YfKXXYk.exe
  2⤵
  PID:12080
- C:\Windows\System\AfVdSSA.exe
  C:\Windows\System\AfVdSSA.exe
  2⤵
  PID:12108
- C:\Windows\System\JvAdkVW.exe
  C:\Windows\System\JvAdkVW.exe
  2⤵
  PID:12136
- C:\Windows\System\eflGhLW.exe
  C:\Windows\System\eflGhLW.exe
  2⤵
  PID:12164
- C:\Windows\System\BvJOWDL.exe
  C:\Windows\System\BvJOWDL.exe
  2⤵
  PID:12192
- C:\Windows\System\qaloVon.exe
  C:\Windows\System\qaloVon.exe
  2⤵
  PID:12220
- C:\Windows\System\yOjaYxP.exe
  C:\Windows\System\yOjaYxP.exe
  2⤵
  PID:12248
- C:\Windows\System\AgRlEhb.exe
  C:\Windows\System\AgRlEhb.exe
  2⤵
  PID:12276
- C:\Windows\System\Fopcdvl.exe
  C:\Windows\System\Fopcdvl.exe
  2⤵
  PID:11284
- C:\Windows\System\bxtkWym.exe
  C:\Windows\System\bxtkWym.exe
  2⤵
  PID:11340
- C:\Windows\System\OaSgESI.exe
  C:\Windows\System\OaSgESI.exe
  2⤵
  PID:11388
- C:\Windows\System\pDmnvxA.exe
  C:\Windows\System\pDmnvxA.exe
  2⤵
  PID:11452
- C:\Windows\System\jQChaBD.exe
  C:\Windows\System\jQChaBD.exe
  2⤵
  PID:11512
- C:\Windows\System\pQGxyUC.exe
  C:\Windows\System\pQGxyUC.exe
  2⤵
  PID:11584
- C:\Windows\System\cEinXYy.exe
  C:\Windows\System\cEinXYy.exe
  2⤵
  PID:2032
- C:\Windows\System\eCQPjvN.exe
  C:\Windows\System\eCQPjvN.exe
  2⤵
  PID:11700
- C:\Windows\System\dvETZVO.exe
  C:\Windows\System\dvETZVO.exe
  2⤵
  PID:11736
- C:\Windows\System\cjvFAwY.exe
  C:\Windows\System\cjvFAwY.exe
  2⤵
  PID:11812
- C:\Windows\System\rFBbHMS.exe
  C:\Windows\System\rFBbHMS.exe
  2⤵
  PID:11844
- C:\Windows\System\GKVdtCA.exe
  C:\Windows\System\GKVdtCA.exe
  2⤵
  PID:11904
- C:\Windows\System\aQNuAyt.exe
  C:\Windows\System\aQNuAyt.exe
  2⤵
  PID:11980
- C:\Windows\System\QlSffCl.exe
  C:\Windows\System\QlSffCl.exe
  2⤵
  PID:2420
- C:\Windows\System\FOpIyrr.exe
  C:\Windows\System\FOpIyrr.exe
  2⤵
  PID:12076
- C:\Windows\System\RqPVsQl.exe
  C:\Windows\System\RqPVsQl.exe
  2⤵
  PID:12148
- C:\Windows\System\RyRfmzm.exe
  C:\Windows\System\RyRfmzm.exe
  2⤵
  PID:12212
- C:\Windows\System\UXoxOXL.exe
  C:\Windows\System\UXoxOXL.exe
  2⤵
  PID:10564
- C:\Windows\System\VnWtaBc.exe
  C:\Windows\System\VnWtaBc.exe
  2⤵
  PID:11368
- C:\Windows\System\RbxZrEz.exe
  C:\Windows\System\RbxZrEz.exe
  2⤵
  PID:11508
- C:\Windows\System\CUWLdSN.exe
  C:\Windows\System\CUWLdSN.exe
  2⤵
  PID:11624
- C:\Windows\System\YpGPxUU.exe
  C:\Windows\System\YpGPxUU.exe
  2⤵
  PID:11764
- C:\Windows\System\LEcwrAk.exe
  C:\Windows\System\LEcwrAk.exe
  2⤵
  PID:2572
- C:\Windows\System\uPEuPCO.exe
  C:\Windows\System\uPEuPCO.exe
  2⤵
  PID:11900
- C:\Windows\System\XGuIjIH.exe
  C:\Windows\System\XGuIjIH.exe
  2⤵
  PID:12064
- C:\Windows\System\JyWeqwE.exe
  C:\Windows\System\JyWeqwE.exe
  2⤵
  PID:12188
- C:\Windows\System\vpFcylP.exe
  C:\Windows\System\vpFcylP.exe
  2⤵
  PID:4252
- C:\Windows\System\paktfTV.exe
  C:\Windows\System\paktfTV.exe
  2⤵
  PID:1920
- C:\Windows\System\IWPOUTC.exe
  C:\Windows\System\IWPOUTC.exe
  2⤵
  PID:1256
- C:\Windows\System\IpOIInm.exe
  C:\Windows\System\IpOIInm.exe
  2⤵
  PID:12016
- C:\Windows\System\cMedGWl.exe
  C:\Windows\System\cMedGWl.exe
  2⤵
  PID:12268
- C:\Windows\System\GsziIGg.exe
  C:\Windows\System\GsziIGg.exe
  2⤵
  PID:3936
- C:\Windows\System\SpWvjVC.exe
  C:\Windows\System\SpWvjVC.exe
  2⤵
  PID:12176
- C:\Windows\System\JtPqlfC.exe
  C:\Windows\System\JtPqlfC.exe
  2⤵
  PID:11788
- C:\Windows\System\xsAbsob.exe
  C:\Windows\System\xsAbsob.exe
  2⤵
  PID:11500
- C:\Windows\System\lcUPqnM.exe
  C:\Windows\System\lcUPqnM.exe
  2⤵
  PID:12312
- C:\Windows\System\ekmEpDb.exe
  C:\Windows\System\ekmEpDb.exe
  2⤵
  PID:12340
- C:\Windows\System\BuwIYVP.exe
  C:\Windows\System\BuwIYVP.exe
  2⤵
  PID:12384
- C:\Windows\System\QxEvrcH.exe
  C:\Windows\System\QxEvrcH.exe
  2⤵
  PID:12400
- C:\Windows\System\LXlqIfk.exe
  C:\Windows\System\LXlqIfk.exe
  2⤵
  PID:12432
- C:\Windows\System\oywSixj.exe
  C:\Windows\System\oywSixj.exe
  2⤵
  PID:12460
- C:\Windows\System\LYwOKnh.exe
  C:\Windows\System\LYwOKnh.exe
  2⤵
  PID:12488
- C:\Windows\System\HyWMvKQ.exe
  C:\Windows\System\HyWMvKQ.exe
  2⤵
  PID:12516
- C:\Windows\System\Ycufjkg.exe
  C:\Windows\System\Ycufjkg.exe
  2⤵
  PID:12544
- C:\Windows\System\ethzrwY.exe
  C:\Windows\System\ethzrwY.exe
  2⤵
  PID:12572
- C:\Windows\System\blPZctf.exe
  C:\Windows\System\blPZctf.exe
  2⤵
  PID:12600
- C:\Windows\System\KeSzSqp.exe
  C:\Windows\System\KeSzSqp.exe
  2⤵
  PID:12628
- C:\Windows\System\ghwIdPn.exe
  C:\Windows\System\ghwIdPn.exe
  2⤵
  PID:12656
- C:\Windows\System\oQcIvZr.exe
  C:\Windows\System\oQcIvZr.exe
  2⤵
  PID:12684
- C:\Windows\System\ulgYNpz.exe
  C:\Windows\System\ulgYNpz.exe
  2⤵
  PID:12712
- C:\Windows\System\rkondIi.exe
  C:\Windows\System\rkondIi.exe
  2⤵
  PID:12740
- C:\Windows\System\mtQrwmu.exe
  C:\Windows\System\mtQrwmu.exe
  2⤵
  PID:12772
- C:\Windows\System\qgEutkZ.exe
  C:\Windows\System\qgEutkZ.exe
  2⤵
  PID:12800
- C:\Windows\System\VaNuBnQ.exe
  C:\Windows\System\VaNuBnQ.exe
  2⤵
  PID:12828
- C:\Windows\System\MJrQQbh.exe
  C:\Windows\System\MJrQQbh.exe
  2⤵
  PID:12856
- C:\Windows\System\kNwURWK.exe
  C:\Windows\System\kNwURWK.exe
  2⤵
  PID:12884
- C:\Windows\System\sdaixEP.exe
  C:\Windows\System\sdaixEP.exe
  2⤵
  PID:12912
- C:\Windows\System\EBMoYxh.exe
  C:\Windows\System\EBMoYxh.exe
  2⤵
  PID:12952
- C:\Windows\System\ExBGvcu.exe
  C:\Windows\System\ExBGvcu.exe
  2⤵
  PID:12968
- C:\Windows\System\qsTwcdN.exe
  C:\Windows\System\qsTwcdN.exe
  2⤵
  PID:12996
- C:\Windows\System\VOrtUmX.exe
  C:\Windows\System\VOrtUmX.exe
  2⤵
  PID:13024
- C:\Windows\System\hThSrnj.exe
  C:\Windows\System\hThSrnj.exe
  2⤵
  PID:13052
- C:\Windows\System\CWzJHRN.exe
  C:\Windows\System\CWzJHRN.exe
  2⤵
  PID:13080
- C:\Windows\System\BNSOKbT.exe
  C:\Windows\System\BNSOKbT.exe
  2⤵
  PID:13112
- C:\Windows\System\JIAszoJ.exe
  C:\Windows\System\JIAszoJ.exe
  2⤵
  PID:13140
- C:\Windows\System\NeLbjzf.exe
  C:\Windows\System\NeLbjzf.exe
  2⤵
  PID:13168
- C:\Windows\System\AjiVywo.exe
  C:\Windows\System\AjiVywo.exe
  2⤵
  PID:13196
- C:\Windows\System\SCmGbMM.exe
  C:\Windows\System\SCmGbMM.exe
  2⤵
  PID:13228
- C:\Windows\System\cBYEkai.exe
  C:\Windows\System\cBYEkai.exe
  2⤵
  PID:13260
- C:\Windows\System\BgVFGsD.exe
  C:\Windows\System\BgVFGsD.exe
  2⤵
  PID:13288
- C:\Windows\System\upyLRAu.exe
  C:\Windows\System\upyLRAu.exe
  2⤵
  PID:12308
- C:\Windows\System\lguvTat.exe
  C:\Windows\System\lguvTat.exe
  2⤵
  PID:4108
- C:\Windows\System\ePuOdiT.exe
  C:\Windows\System\ePuOdiT.exe
  2⤵
  PID:12368
- C:\Windows\System\SyQLYXm.exe
  C:\Windows\System\SyQLYXm.exe
  2⤵
  PID:12452
- C:\Windows\System\gWeGoaK.exe
  C:\Windows\System\gWeGoaK.exe
  2⤵
  PID:12512
- C:\Windows\System\ixnPxcY.exe
  C:\Windows\System\ixnPxcY.exe
  2⤵
  PID:12584
- C:\Windows\System\uZhpKmg.exe
  C:\Windows\System\uZhpKmg.exe
  2⤵
  PID:12648
- C:\Windows\System\gnxQaol.exe
  C:\Windows\System\gnxQaol.exe
  2⤵
  PID:12724
- C:\Windows\System\znbhLEz.exe
  C:\Windows\System\znbhLEz.exe
  2⤵
  PID:12796
- C:\Windows\System\vjFQwkm.exe
  C:\Windows\System\vjFQwkm.exe
  2⤵
  PID:12852
- C:\Windows\System\wRiUElY.exe
  C:\Windows\System\wRiUElY.exe
  2⤵
  PID:12948
- C:\Windows\System\FGUISVX.exe
  C:\Windows\System\FGUISVX.exe
  2⤵
  PID:13020
- C:\Windows\System\QThQVMw.exe
  C:\Windows\System\QThQVMw.exe
  2⤵
  PID:13072
- C:\Windows\System\VWRWISv.exe
  C:\Windows\System\VWRWISv.exe
  2⤵
  PID:13136
- C:\Windows\System\nQYbEBH.exe
  C:\Windows\System\nQYbEBH.exe
  2⤵
  PID:13208
- C:\Windows\System\xyZlOcO.exe
  C:\Windows\System\xyZlOcO.exe
  2⤵
  PID:13252
- C:\Windows\System\OOYICUB.exe
  C:\Windows\System\OOYICUB.exe
  2⤵
  PID:13236
- C:\Windows\System\tJaPsGG.exe
  C:\Windows\System\tJaPsGG.exe
  2⤵
  PID:12380
- C:\Windows\System\tuTmoXn.exe
  C:\Windows\System\tuTmoXn.exe
  2⤵
  PID:12504
- C:\Windows\System\rfKwrUX.exe
  C:\Windows\System\rfKwrUX.exe
  2⤵
  PID:12640
- C:\Windows\System\YdeHvLq.exe
  C:\Windows\System\YdeHvLq.exe
  2⤵
  PID:5752
- C:\Windows\System\AEcMjvf.exe
  C:\Windows\System\AEcMjvf.exe
  2⤵
  PID:4184
- C:\Windows\System\FbUHzxe.exe
  C:\Windows\System\FbUHzxe.exe
  2⤵
  PID:12820
- C:\Windows\System\lBXqatf.exe
  C:\Windows\System\lBXqatf.exe
  2⤵
  PID:5864
- C:\Windows\System\bOCkLeB.exe
  C:\Windows\System\bOCkLeB.exe
  2⤵
  PID:13104
- C:\Windows\System\kWzVTDh.exe
  C:\Windows\System\kWzVTDh.exe
  2⤵
  PID:13124
- C:\Windows\System\qpTguoF.exe
  C:\Windows\System\qpTguoF.exe
  2⤵
  PID:13240
- C:\Windows\System\zgcHgjb.exe
  C:\Windows\System\zgcHgjb.exe
  2⤵
  PID:12412
- C:\Windows\System\ylVlKjS.exe
  C:\Windows\System\ylVlKjS.exe
  2⤵
  PID:12708
- C:\Windows\System\ryYZdZl.exe
  C:\Windows\System\ryYZdZl.exe
  2⤵
  PID:5140
- C:\Windows\System\atxDHhA.exe
  C:\Windows\System\atxDHhA.exe
  2⤵
  PID:5936
- C:\Windows\System\sCdYVnv.exe
  C:\Windows\System\sCdYVnv.exe
  2⤵
  PID:5336
- C:\Windows\System\erqIFSP.exe
  C:\Windows\System\erqIFSP.exe
  2⤵
  PID:5528
- C:\Windows\System\FNIfMPf.exe
  C:\Windows\System\FNIfMPf.exe
  2⤵
  PID:12900
- C:\Windows\System\bUmkgdV.exe
  C:\Windows\System\bUmkgdV.exe
  2⤵
  PID:12980
- C:\Windows\System\ETqUyOi.exe
  C:\Windows\System\ETqUyOi.exe
  2⤵
  PID:12840
- C:\Windows\System\BJzJqvh.exe
  C:\Windows\System\BJzJqvh.exe
  2⤵
  PID:12428
- C:\Windows\System\gjuWofD.exe
  C:\Windows\System\gjuWofD.exe
  2⤵
  PID:13336
- C:\Windows\System\mEZQamk.exe
  C:\Windows\System\mEZQamk.exe
  2⤵
  PID:13364
- C:\Windows\System\cGfFmrE.exe
  C:\Windows\System\cGfFmrE.exe
  2⤵
  PID:13392
- C:\Windows\System\GSIGCGf.exe
  C:\Windows\System\GSIGCGf.exe
  2⤵
  PID:13420
- C:\Windows\System\bXhZzaN.exe
  C:\Windows\System\bXhZzaN.exe
  2⤵
  PID:13448
- C:\Windows\System\PrbbtpM.exe
  C:\Windows\System\PrbbtpM.exe
  2⤵
  PID:13476
- C:\Windows\System\oCLBwNo.exe
  C:\Windows\System\oCLBwNo.exe
  2⤵
  PID:13504
- C:\Windows\System\BDthswl.exe
  C:\Windows\System\BDthswl.exe
  2⤵
  PID:13532
- C:\Windows\System\XbIDPgm.exe
  C:\Windows\System\XbIDPgm.exe
  2⤵
  PID:13560
- C:\Windows\System\mUrywIj.exe
  C:\Windows\System\mUrywIj.exe
  2⤵
  PID:13588
- C:\Windows\System\ycPWzZZ.exe
  C:\Windows\System\ycPWzZZ.exe
  2⤵
  PID:13616
- C:\Windows\System\cLRJMlR.exe
  C:\Windows\System\cLRJMlR.exe
  2⤵
  PID:13644
- C:\Windows\System\embauDV.exe
  C:\Windows\System\embauDV.exe
  2⤵
  PID:13672
- C:\Windows\System\DgLfczA.exe
  C:\Windows\System\DgLfczA.exe
  2⤵
  PID:13700
- C:\Windows\System\kGhDhhO.exe
  C:\Windows\System\kGhDhhO.exe
  2⤵
  PID:13728
- C:\Windows\System\GpcwSJp.exe
  C:\Windows\System\GpcwSJp.exe
  2⤵
  PID:13756
- C:\Windows\System\VeKNxGH.exe
  C:\Windows\System\VeKNxGH.exe
  2⤵
  PID:13784
- C:\Windows\System\MknwhWQ.exe
  C:\Windows\System\MknwhWQ.exe
  2⤵
  PID:13812
- C:\Windows\System\sCaDMha.exe
  C:\Windows\System\sCaDMha.exe
  2⤵
  PID:13840
- C:\Windows\System\SOoPjcL.exe
  C:\Windows\System\SOoPjcL.exe
  2⤵
  PID:13868
- C:\Windows\System\YIFcMCw.exe
  C:\Windows\System\YIFcMCw.exe
  2⤵
  PID:13896
- C:\Windows\System\hRPiLMX.exe
  C:\Windows\System\hRPiLMX.exe
  2⤵
  PID:13924
- C:\Windows\System\hLzKjeB.exe
  C:\Windows\System\hLzKjeB.exe
  2⤵
  PID:13952
- C:\Windows\System\tDErTvZ.exe
  C:\Windows\System\tDErTvZ.exe
  2⤵
  PID:13980
- C:\Windows\System\RffHhLW.exe
  C:\Windows\System\RffHhLW.exe
  2⤵
  PID:14008
- C:\Windows\System\naZGypB.exe
  C:\Windows\System\naZGypB.exe
  2⤵
  PID:14036
- C:\Windows\System\MsIiXIe.exe
  C:\Windows\System\MsIiXIe.exe
  2⤵
  PID:14064
- C:\Windows\System\ovjGMYl.exe
  C:\Windows\System\ovjGMYl.exe
  2⤵
  PID:14096
- C:\Windows\System\imHsXuu.exe
  C:\Windows\System\imHsXuu.exe
  2⤵
  PID:14124
- C:\Windows\System\XRQYbiG.exe
  C:\Windows\System\XRQYbiG.exe
  2⤵
  PID:14152
- C:\Windows\System\hMXBgee.exe
  C:\Windows\System\hMXBgee.exe
  2⤵
  PID:14180
- C:\Windows\System\arrhBRc.exe
  C:\Windows\System\arrhBRc.exe
  2⤵
  PID:14208
- C:\Windows\System\epFfrpe.exe
  C:\Windows\System\epFfrpe.exe
  2⤵
  PID:14236
- C:\Windows\System\rhpNHro.exe
  C:\Windows\System\rhpNHro.exe
  2⤵
  PID:14264
- C:\Windows\System\aCaqrxU.exe
  C:\Windows\System\aCaqrxU.exe
  2⤵
  PID:14292
- C:\Windows\System\ZqtvewG.exe
  C:\Windows\System\ZqtvewG.exe
  2⤵
  PID:14320
- C:\Windows\System\gaNDHZc.exe
  C:\Windows\System\gaNDHZc.exe
  2⤵
  PID:13348
- C:\Windows\System\WGUYDPd.exe
  C:\Windows\System\WGUYDPd.exe
  2⤵
  PID:13412
- C:\Windows\System\sQjDarZ.exe
  C:\Windows\System\sQjDarZ.exe
  2⤵
  PID:13472
- C:\Windows\System\JyPbnht.exe
  C:\Windows\System\JyPbnht.exe
  2⤵
  PID:13548
- C:\Windows\System\dbROeDN.exe
  C:\Windows\System\dbROeDN.exe
  2⤵
  PID:13608
- C:\Windows\System\qjIeDJj.exe
  C:\Windows\System\qjIeDJj.exe
  2⤵
  PID:13668
- C:\Windows\System\hQlGdnC.exe
  C:\Windows\System\hQlGdnC.exe
  2⤵
  PID:13740
- C:\Windows\System\JtNeuQd.exe
  C:\Windows\System\JtNeuQd.exe
  2⤵
  PID:13804
- C:\Windows\System\OBvVoAL.exe
  C:\Windows\System\OBvVoAL.exe
  2⤵
  PID:13864
- C:\Windows\System\WgQfqqG.exe
  C:\Windows\System\WgQfqqG.exe
  2⤵
  PID:13920
- C:\Windows\System\PANjwAy.exe
  C:\Windows\System\PANjwAy.exe
  2⤵
  PID:13992
- C:\Windows\System\iTZDvTn.exe
  C:\Windows\System\iTZDvTn.exe
  2⤵
  PID:14056
- C:\Windows\System\vrFGYms.exe
  C:\Windows\System\vrFGYms.exe
  2⤵
  PID:14120
- C:\Windows\System\QmgIOYU.exe
  C:\Windows\System\QmgIOYU.exe
  2⤵
  PID:14192
- C:\Windows\System\yKQphzD.exe
  C:\Windows\System\yKQphzD.exe
  2⤵
  PID:14256
- C:\Windows\System\Qpoxrpr.exe
  C:\Windows\System\Qpoxrpr.exe
  2⤵
  PID:14316
- C:\Windows\System\vbxxvUa.exe
  C:\Windows\System\vbxxvUa.exe
  2⤵
  PID:13440
- C:\Windows\System\BDNEDRi.exe
  C:\Windows\System\BDNEDRi.exe
  2⤵
  PID:13584
- C:\Windows\System\kCvImoe.exe
  C:\Windows\System\kCvImoe.exe
  2⤵
  PID:13724
- C:\Windows\System\VBBSfCx.exe
  C:\Windows\System\VBBSfCx.exe
  2⤵
  PID:13908
- C:\Windows\System\dlRBiPx.exe
  C:\Windows\System\dlRBiPx.exe
  2⤵
  PID:14032
- C:\Windows\System\HFTCRQe.exe
  C:\Windows\System\HFTCRQe.exe
  2⤵
  PID:5588
- C:\Windows\System\kXDjfIx.exe
  C:\Windows\System\kXDjfIx.exe
  2⤵
  PID:14176
- C:\Windows\System\YxRwlTZ.exe
  C:\Windows\System\YxRwlTZ.exe
  2⤵
  PID:5776
- C:\Windows\System\QmzbELy.exe
  C:\Windows\System\QmzbELy.exe
  2⤵
  PID:13404
- C:\Windows\System\uMItZkl.exe
  C:\Windows\System\uMItZkl.exe
  2⤵
  PID:5932
- C:\Windows\System\OInxOmo.exe
  C:\Windows\System\OInxOmo.exe
  2⤵
  PID:13796
- C:\Windows\System\oTiyAcK.exe
  C:\Windows\System\oTiyAcK.exe
  2⤵
  PID:6012
- C:\Windows\System\IPnrXad.exe
  C:\Windows\System\IPnrXad.exe
  2⤵
  PID:14172
- C:\Windows\System\VpEaNRF.exe
  C:\Windows\System\VpEaNRF.exe
  2⤵
  PID:14312
- C:\Windows\System\VYYbJbU.exe
  C:\Windows\System\VYYbJbU.exe
  2⤵
  PID:1300
- C:\Windows\System\xYycXyj.exe
  C:\Windows\System\xYycXyj.exe
  2⤵
  PID:1660
- C:\Windows\System\UfEvEyb.exe
  C:\Windows\System\UfEvEyb.exe
  2⤵
  PID:14088
- C:\Windows\System\eETkqss.exe
  C:\Windows\System\eETkqss.exe
  2⤵
  PID:14284
- C:\Windows\System\saGCiHd.exe
  C:\Windows\System\saGCiHd.exe
  2⤵
  PID:5728
- C:\Windows\System\sOUwipA.exe
  C:\Windows\System\sOUwipA.exe
  2⤵
  PID:2964
- C:\Windows\System\xWIOQcG.exe
  C:\Windows\System\xWIOQcG.exe
  2⤵
  PID:3688
- C:\Windows\System\YrBNjco.exe
  C:\Windows\System\YrBNjco.exe
  2⤵
  PID:1848
- C:\Windows\System\yqccyOE.exe
  C:\Windows\System\yqccyOE.exe
  2⤵
  PID:4864
- C:\Windows\System\jPEApKY.exe
  C:\Windows\System\jPEApKY.exe
  2⤵
  PID:4072
- C:\Windows\System\aCxMqFM.exe
  C:\Windows\System\aCxMqFM.exe
  2⤵
  PID:3848
- C:\Windows\System\ChVuhpN.exe
  C:\Windows\System\ChVuhpN.exe
  2⤵
  PID:4996
- C:\Windows\System\TKdiWyY.exe
  C:\Windows\System\TKdiWyY.exe
  2⤵
  PID:5676
- C:\Windows\System\gVvRMfm.exe
  C:\Windows\System\gVvRMfm.exe
  2⤵
  PID:2528
- C:\Windows\System\kWBHbGX.exe
  C:\Windows\System\kWBHbGX.exe
  2⤵
  PID:6256
- C:\Windows\System\zhWPaAC.exe
  C:\Windows\System\zhWPaAC.exe
  2⤵
  PID:6300
- C:\Windows\System\TCsBOTr.exe
  C:\Windows\System\TCsBOTr.exe
  2⤵
  PID:2044
- C:\Windows\System\eQBERjW.exe
  C:\Windows\System\eQBERjW.exe
  2⤵
  PID:1332
- C:\Windows\System\pHjxBCK.exe
  C:\Windows\System\pHjxBCK.exe
  2⤵
  PID:6396
- C:\Windows\System\oPrCZrX.exe
  C:\Windows\System\oPrCZrX.exe
  2⤵
  PID:6432
- C:\Windows\System\GymSLiU.exe
  C:\Windows\System\GymSLiU.exe
  2⤵
  PID:13852
- C:\Windows\System\mOZohIS.exe
  C:\Windows\System\mOZohIS.exe
  2⤵
  PID:6092
- C:\Windows\System\FoEXgkn.exe
  C:\Windows\System\FoEXgkn.exe
  2⤵
  PID:6152
- C:\Windows\System\fKQNEkR.exe
  C:\Windows\System\fKQNEkR.exe
  2⤵
  PID:6556
- C:\Windows\System\DqoKmOY.exe
  C:\Windows\System\DqoKmOY.exe
  2⤵
  PID:1924
- C:\Windows\System\SuwHsfr.exe
  C:\Windows\System\SuwHsfr.exe
  2⤵
  PID:396
- C:\Windows\System\EuTVSnD.exe
  C:\Windows\System\EuTVSnD.exe
  2⤵
  PID:440
- C:\Windows\System\gfDgGxw.exe
  C:\Windows\System\gfDgGxw.exe
  2⤵
  PID:6688
- C:\Windows\System\SedmIvC.exe
  C:\Windows\System\SedmIvC.exe
  2⤵
  PID:4132
- C:\Windows\System\WbuVJVp.exe
  C:\Windows\System\WbuVJVp.exe
  2⤵
  PID:6008
- C:\Windows\System\KZUZvpD.exe
  C:\Windows\System\KZUZvpD.exe
  2⤵
  PID:6216
- C:\Windows\System\Hkaowhp.exe
  C:\Windows\System\Hkaowhp.exe
  2⤵
  PID:6308
- C:\Windows\System\VGivltZ.exe
  C:\Windows\System\VGivltZ.exe
  2⤵
  PID:6576
- C:\Windows\System\PGjISno.exe
  C:\Windows\System\PGjISno.exe
  2⤵
  PID:3496
- C:\Windows\System\JYLLKfv.exe
  C:\Windows\System\JYLLKfv.exe
  2⤵
  PID:4552
- C:\Windows\System\lfiuJcQ.exe
  C:\Windows\System\lfiuJcQ.exe
  2⤵
  PID:2372
- C:\Windows\System\JGEqizi.exe
  C:\Windows\System\JGEqizi.exe
  2⤵
  PID:7120
- C:\Windows\System\XrINSqu.exe
  C:\Windows\System\XrINSqu.exe
  2⤵
  PID:1812
- C:\Windows\System\csdgZYF.exe
  C:\Windows\System\csdgZYF.exe
  2⤵
  PID:14248
- C:\Windows\System\XCXGNlT.exe
  C:\Windows\System\XCXGNlT.exe
  2⤵
  PID:4704
- C:\Windows\System\dLFNuJs.exe
  C:\Windows\System\dLFNuJs.exe
  2⤵
  PID:6348
- C:\Windows\System\ApHisbP.exe
  C:\Windows\System\ApHisbP.exe
  2⤵
  PID:6456
- C:\Windows\System\dMOmJWs.exe
  C:\Windows\System\dMOmJWs.exe
  2⤵
  PID:6208
- C:\Windows\System\KbaNtPc.exe
  C:\Windows\System\KbaNtPc.exe
  2⤵
  PID:6600
- C:\Windows\System\AoumdWq.exe
  C:\Windows\System\AoumdWq.exe
  2⤵
  PID:2772
- C:\Windows\System\ZVCWvfz.exe
  C:\Windows\System\ZVCWvfz.exe
  2⤵
  PID:1856
- C:\Windows\System\KzGVIYo.exe
  C:\Windows\System\KzGVIYo.exe
  2⤵
  PID:6668
- C:\Windows\System\RZSpJga.exe
  C:\Windows\System\RZSpJga.exe
  2⤵
  PID:6528
- C:\Windows\System\WZyHqcq.exe
  C:\Windows\System\WZyHqcq.exe
  2⤵
  PID:7040
- C:\Windows\System\WmRMcik.exe
  C:\Windows\System\WmRMcik.exe
  2⤵
  PID:2164
- C:\Windows\System\wzTYSHM.exe
  C:\Windows\System\wzTYSHM.exe
  2⤵
  PID:6608
- C:\Windows\System\tmHltCC.exe
  C:\Windows\System\tmHltCC.exe
  2⤵
  PID:4644
- C:\Windows\System\abeqMqh.exe
  C:\Windows\System\abeqMqh.exe
  2⤵
  PID:6812
- C:\Windows\System\hjDEsrB.exe
  C:\Windows\System\hjDEsrB.exe
  2⤵
  PID:6956
- C:\Windows\System\KFvgkQz.exe
  C:\Windows\System\KFvgkQz.exe
  2⤵
  PID:6492
- C:\Windows\System\CUTJysY.exe
  C:\Windows\System\CUTJysY.exe
  2⤵
  PID:4392
- C:\Windows\System\rmBrXcH.exe
  C:\Windows\System\rmBrXcH.exe
  2⤵
  PID:6192
- C:\Windows\System\ahVqqAH.exe
  C:\Windows\System\ahVqqAH.exe
  2⤵
  PID:6312
- C:\Windows\System\JmoIzBG.exe
  C:\Windows\System\JmoIzBG.exe
  2⤵
  PID:7028
- C:\Windows\System\RGAYbDN.exe
  C:\Windows\System\RGAYbDN.exe
  2⤵
  PID:1656
- C:\Windows\System\BFSXNDS.exe
  C:\Windows\System\BFSXNDS.exe
  2⤵
  PID:6468
- C:\Windows\System\NtVAOrQ.exe
  C:\Windows\System\NtVAOrQ.exe
  2⤵
  PID:6952
- C:\Windows\System\XIdxEnZ.exe
  C:\Windows\System\XIdxEnZ.exe
  2⤵
  PID:6844
- C:\Windows\System\RtxTgSW.exe
  C:\Windows\System\RtxTgSW.exe
  2⤵
  PID:4076
- C:\Windows\System\heNTzzK.exe
  C:\Windows\System\heNTzzK.exe
  2⤵
  PID:7176
- C:\Windows\System\dmZPXUp.exe
  C:\Windows\System\dmZPXUp.exe
  2⤵
  PID:2516
- C:\Windows\System\jDqMhOC.exe
  C:\Windows\System\jDqMhOC.exe
  2⤵
  PID:384
- C:\Windows\System\MakCkLb.exe
  C:\Windows\System\MakCkLb.exe
  2⤵
  PID:5176
- C:\Windows\System\elCvMVX.exe
  C:\Windows\System\elCvMVX.exe
  2⤵
  PID:14352
- C:\Windows\System\xPqDBwk.exe
  C:\Windows\System\xPqDBwk.exe
  2⤵
  PID:14380
- C:\Windows\System\eaRPWcc.exe
  C:\Windows\System\eaRPWcc.exe
  2⤵
  PID:14408
- C:\Windows\System\zhtBJdX.exe
  C:\Windows\System\zhtBJdX.exe
  2⤵
  PID:14436
- C:\Windows\System\qeXUjWW.exe
  C:\Windows\System\qeXUjWW.exe
  2⤵
  PID:14464
- C:\Windows\System\VsEqESW.exe
  C:\Windows\System\VsEqESW.exe
  2⤵
  PID:14492
- C:\Windows\System\LNphDMM.exe
  C:\Windows\System\LNphDMM.exe
  2⤵
  PID:14520
- C:\Windows\System\kmUPrKb.exe
  C:\Windows\System\kmUPrKb.exe
  2⤵
  PID:14548
- C:\Windows\System\TKshSxi.exe
  C:\Windows\System\TKshSxi.exe
  2⤵
  PID:14572
- C:\Windows\System\VJEXqWr.exe
  C:\Windows\System\VJEXqWr.exe
  2⤵
  PID:14604
- C:\Windows\System\mCwMXOz.exe
  C:\Windows\System\mCwMXOz.exe
  2⤵
  PID:14632
- C:\Windows\System\FtsuLrA.exe
  C:\Windows\System\FtsuLrA.exe
  2⤵
  PID:14660
- C:\Windows\System\tPemVLf.exe
  C:\Windows\System\tPemVLf.exe
  2⤵
  PID:14688
- C:\Windows\System\ZbveZIt.exe
  C:\Windows\System\ZbveZIt.exe
  2⤵
  PID:14716
- C:\Windows\System\iEgLOTo.exe
  C:\Windows\System\iEgLOTo.exe
  2⤵
  PID:14744
- C:\Windows\System\HrYgwST.exe
  C:\Windows\System\HrYgwST.exe
  2⤵
  PID:14772
- C:\Windows\System\ZRTxzOr.exe
  C:\Windows\System\ZRTxzOr.exe
  2⤵
  PID:14800
- C:\Windows\System\ecRyehE.exe
  C:\Windows\System\ecRyehE.exe
  2⤵
  PID:14828
- C:\Windows\System\MfqoJRD.exe
  C:\Windows\System\MfqoJRD.exe
  2⤵
  PID:14856
- C:\Windows\System\VFaJtNu.exe
  C:\Windows\System\VFaJtNu.exe
  2⤵
  PID:14884
- C:\Windows\System\ahpzLoF.exe
  C:\Windows\System\ahpzLoF.exe
  2⤵
  PID:14912
- C:\Windows\System\wCepqlY.exe
  C:\Windows\System\wCepqlY.exe
  2⤵
  PID:14944
- C:\Windows\System\YqpidaF.exe
  C:\Windows\System\YqpidaF.exe
  2⤵
  PID:14972
- C:\Windows\System\kzWGvzI.exe
  C:\Windows\System\kzWGvzI.exe
  2⤵
  PID:15000
- C:\Windows\System\cShNXMG.exe
  C:\Windows\System\cShNXMG.exe
  2⤵
  PID:15040
- C:\Windows\System\IKXMRuj.exe
  C:\Windows\System\IKXMRuj.exe
  2⤵
  PID:15056
- C:\Windows\System\dXQNtor.exe
  C:\Windows\System\dXQNtor.exe
  2⤵
  PID:15084
- C:\Windows\System\jqfzlwC.exe
  C:\Windows\System\jqfzlwC.exe
  2⤵
  PID:15112
- C:\Windows\System\fYQbpVg.exe
  C:\Windows\System\fYQbpVg.exe
  2⤵
  PID:15140
- C:\Windows\System\kHrnYZQ.exe
  C:\Windows\System\kHrnYZQ.exe
  2⤵
  PID:15168
- C:\Windows\System\RNJDZvm.exe
  C:\Windows\System\RNJDZvm.exe
  2⤵
  PID:15196
- C:\Windows\System\vStCTdO.exe
  C:\Windows\System\vStCTdO.exe
  2⤵
  PID:15224
- C:\Windows\System\XCAdeAZ.exe
  C:\Windows\System\XCAdeAZ.exe
  2⤵
  PID:15252
- C:\Windows\System\XpLALJx.exe
  C:\Windows\System\XpLALJx.exe
  2⤵
  PID:15280
- C:\Windows\System\vnmUvPN.exe
  C:\Windows\System\vnmUvPN.exe
  2⤵
  PID:15308
- C:\Windows\System\lwMvQnY.exe
  C:\Windows\System\lwMvQnY.exe
  2⤵
  PID:15336
- C:\Windows\System\xzyasDu.exe
  C:\Windows\System\xzyasDu.exe
  2⤵
  PID:5208
- C:\Windows\System\mTJYAAg.exe
  C:\Windows\System\mTJYAAg.exe
  2⤵
  PID:14376
- C:\Windows\System\FvUwomz.exe
  C:\Windows\System\FvUwomz.exe
  2⤵
  PID:14404
- C:\Windows\System\WfFlSwA.exe
  C:\Windows\System\WfFlSwA.exe
  2⤵
  PID:7400
- C:\Windows\System\PrKtBlf.exe
  C:\Windows\System\PrKtBlf.exe
  2⤵
  PID:7444
- C:\Windows\System\jFfGzdF.exe
  C:\Windows\System\jFfGzdF.exe
  2⤵
  PID:5296
- C:\Windows\System\kcQfdRz.exe
  C:\Windows\System\kcQfdRz.exe
  2⤵
  PID:14528
- C:\Windows\System\vXzWkpw.exe
  C:\Windows\System\vXzWkpw.exe
  2⤵
  PID:14584
- C:\Windows\System\ydpmAAb.exe
  C:\Windows\System\ydpmAAb.exe
  2⤵
  PID:5356
- C:\Windows\System\vrgNWTI.exe
  C:\Windows\System\vrgNWTI.exe
  2⤵
  PID:14652
- C:\Windows\System\PajkkGW.exe
  C:\Windows\System\PajkkGW.exe
  2⤵
  PID:14700
- C:\Windows\System\gCagKuF.exe
  C:\Windows\System\gCagKuF.exe
  2⤵
  PID:14728
- C:\Windows\System\GfmrVSU.exe
  C:\Windows\System\GfmrVSU.exe
  2⤵
  PID:14764
- C:\Windows\System\IFcWRNB.exe
  C:\Windows\System\IFcWRNB.exe
  2⤵
  PID:5472
- C:\Windows\System\ISghGkg.exe
  C:\Windows\System\ISghGkg.exe
  2⤵
  PID:14896
- C:\Windows\System\eKZHDkf.exe
  C:\Windows\System\eKZHDkf.exe
  2⤵
  PID:14908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BjIzQWC.exe

Filesize
6.0MB

MD5
1431b78507d41573187dc57daaab90ac

SHA1
d870a62484756bc66dec9b0213da303050c86666

SHA256
d0ab7ae8a90561dbf15da0b27423b7ebd9d2705f57c336d3cf28ad28d74ed050

SHA512
bde3f1d27db836e0b6d2274fe9e4c99d7f1ce4d4c792c0259b8ad9580186fea7e0cedc1c8672b6465e56cf7ff63f00d6ef36d0990f4bd5c0615f5adff777fe94

Download Submit
C:\Windows\System\BylsvjA.exe

Filesize
6.0MB

MD5
8788842d182789f863bd09e97e3c7c7f

SHA1
d361c2d55746bfe00c077ae871b1b8be2b986e41

SHA256
7257b165f467dbff70b4434981b7d7dacabc1dd7860ef24917d013583a6ad744

SHA512
b7274613c53be614c1d2b5b8dcc3fb3e6b604028ad7501a11381975dc83cf7bfc5b5878ea14b1ae8cd2a3cf02f04739f218e801c9a5aaad1a2bdf7a23a16f3a5

Download Submit
C:\Windows\System\DBInjkn.exe

Filesize
6.0MB

MD5
6c3f1a9e969fd5b1ddf01a61c962a071

SHA1
7b389833b7db20e5989bdbc2e267592fd4d4b918

SHA256
b1fb152ce63e2c8e1cf5c36eee60fa4a8512c09c46430dd1c65b807a20ab3c61

SHA512
32ef79716560e115bd1b7f8fae64a3700d3b1248601b1d45a7cf1263ae2f4962eaaf888947abf583d6a4f4ea32115b1cbf2cbe4c472f9624d128c0c33ac0f5d0

Download Submit
C:\Windows\System\EfiUEsU.exe

Filesize
6.0MB

MD5
17b1a283933ba87e783b990b6ae9ebcf

SHA1
e06085bdeff3bb0082a861c4059d44923fc0136e

SHA256
096586257765eb72f9218f1b795fc0ae0498e69352880eaf4ea8331cf6ef4f3e

SHA512
b362dd9d9829b5633155b22cf1f50b902ecc30e04423a19d628bd01cae0ab3ce7494048cdf98eb700fdba71737e8e1abf3fe3d6b4340edf279954d520dc253b5

Download Submit
C:\Windows\System\HsTgXyX.exe

Filesize
6.0MB

MD5
d4ee21d015d78a833e33d324038ca8f0

SHA1
7c41b694e7a5c0089e56d17f0a8f0856a9848189

SHA256
7404b788695ddee427cea35d996d46d10a8422bbc2ec9f0b90a58bcd5706fdaa

SHA512
e15c6dd08b75d44b0af2d29660dfbdedd0045284ffa5a7bf434e6767cb4e3cad14ffdb3cba9265629095c0471fce0d88fd240e9ed8e165c81f8f96c8d3851b16

Download Submit
C:\Windows\System\IHYMNhu.exe

Filesize
6.0MB

MD5
c7dca6fff00efaa1ce77ed634b63e278

SHA1
243b8525a478b765c72154c485313a672d4a9baa

SHA256
81e324c3c9b175b9d9966be823f993c5287a504b780fb109f1350efc077af3c1

SHA512
3fab3a05fe2c5cb41220ccc6f66c2e6104ad316fff91c0c3896629c3b377e67e00bb0fea9bd16093cc854512c6769e29494f1c07f48c1496b95cd8c7935b93f5

Download Submit
C:\Windows\System\JYrbKir.exe

Filesize
6.0MB

MD5
205451e9e13f40253eb4f42586374c3c

SHA1
cb1ef3bb5004116ee4efe5ddab5b0806a7c3e0c7

SHA256
37c48ac000349db6b5342f661b72ffa3b500917a82d11c1e609ef79593c4c7f4

SHA512
d74b3f6e97018e8bd1b0dbf572ef80521ef655e04a666f9244963d8b855054faf3809a897a828fed58ea3f8682c2e9ce6b9c49e6598da02d86cc94a4fd5bc2f3

Download Submit
C:\Windows\System\NbUZvkS.exe

Filesize
6.0MB

MD5
c1a8c1de91a6cf4efe54057f9444c8be

SHA1
c722d6c62dca45d9b8e6f381a684e5ef8d12dfb6

SHA256
b25de9ac44ad6187cb65b5c5df8dbb766706e93511a17b4ec629f9d687f68967

SHA512
c9a6f014070d87e90221eb24313cdfd89c8009455feb74eeeb5ceac918f44b56f5adc7f6692e83d8eae2d7123a360cabc6b5b62f09fee9f67091cad36bf356d9

Download Submit
C:\Windows\System\NkVVfYp.exe

Filesize
6.0MB

MD5
ff87877eaaa3696a8de53a5e78940fc6

SHA1
d2eed8865e086c130923a81fc75f9689ba632006

SHA256
6c73261f7c956df029a752a2d0a3415ee6be87ba45e94fc8d7a11ab935b6cff6

SHA512
d307456441ca043e41f8ebb00f062fa863b7d2aa2b94da24ecbc173aa0e9403701b0cba87d6fb421be2d386a3a1324c1cf2498be884555106fcd2110a51349a0

Download Submit
C:\Windows\System\QJhfQBl.exe

Filesize
6.0MB

MD5
85832127ea281fb1a7119a287e2cf2c5

SHA1
cb1a1a4c92025ff93fd7a5784945751e84fbce42

SHA256
e1e5cf1c7fd0bd524dd8e762745bfdb7c70f34c34a9dee7d2f8f446a2306242c

SHA512
a669fa90fe91c6e86d7b7bd9c9ba6e6ac7ada548a4f9be5b0ad668014c20150acb434127b850491aee815d4269fd0826aec81ccfe9906041143cbc3f24da5c4d

Download Submit
C:\Windows\System\RWwpwAe.exe

Filesize
6.0MB

MD5
b8d0622c0752d64d41fea9a0aeaccbf5

SHA1
c110467de75e62305fbc3b8bb3019f282285ab42

SHA256
de9a1b2054074bbded525e54412c59081309c97aae36f1ccd0f1151e5f38689f

SHA512
aea988cb3348159c0e83d63b5d28909cad00a59956bff34fa162b54d9ac68427415be7a67c81d5c5cbce1d9a29d9c1898cd7712a28f69e9321da9783879e227c

Download Submit
C:\Windows\System\SNYrhnQ.exe

Filesize
6.0MB

MD5
f707b0d4aa8dde99f03b289dce130729

SHA1
d3add62c8a3d46e1ce5569ffd67025124714ac7c

SHA256
f03f047def6de7c33bdc7fa07a511421938f1f8db899d3c37421c9e11d489c10

SHA512
c9bc681fa7ad542e9958663fcb212da897c232b21474b711139719bfd97814d789e3b0fb79db13c0130bec34c7e7c78d4dcc9a34218aa992426b6cca04e07fed

Download Submit
C:\Windows\System\VWUeJCV.exe

Filesize
6.0MB

MD5
361714555003d386a42b933ef7695262

SHA1
88c0ff3e6b546051d84170fb1374de4e3d6978ea

SHA256
ae68a73864d5d2244bf94fdd57f49d3c3c8be3ceb0fe45560792e23c72ce08f6

SHA512
3060c1846b2c4048c9737213ae3501cd1e3b13df9e5efb71adf2aceecbec2a163a4269b1f4a1650bdabfa90c16c71f8940a4dfc8997bbaac094c13557756f3f7

Download Submit
C:\Windows\System\VvdRwlk.exe

Filesize
6.0MB

MD5
3eed98bfd5b792751939dd40e431ea93

SHA1
bc71ffca58899c3646abc4359160a1a1bad6037b

SHA256
7eefb4652d7d8d14210909530456e3696a4ff4ae37b1ed42843e38561b7fe3ec

SHA512
1e7e10007e3e71910974598e26424021f72fc07b221cb24aaf8aac5c2f05e4bf508af5164502d0306c27857593fbc6259ace0acdb83d9be728b32953b6d54153

Download Submit
C:\Windows\System\WJMThlA.exe

Filesize
6.0MB

MD5
daad16a2cc8e660e2a4de04bae42bf24

SHA1
23eb08b536cbec1db085a6419d4c1a7c6444918f

SHA256
bec2d3ba70e3ee57d0c01b67a166317113fc156f5fe9f0e83a19d2defcf8df52

SHA512
0bb7b42455a2e495cf47ea3737a8b8c51ab80a27bb2925db622016f6bb6a30b53316462a3f80f468f2982995b55b962eac9d1f7506877429e4db9d8634d65a24

Download Submit
C:\Windows\System\XvnKBLl.exe

Filesize
6.0MB

MD5
0673ce2cda6827a5d947f4151a53641b

SHA1
5fa825dd3074d54f9c879b5e3187ad1261a46a13

SHA256
fa8be2ee0136e689cc2c12842c4a3ce4edd343213dd9e00edd4741027aa7340a

SHA512
75820ebea9299b5a7e6a652d6c12c5eb20184d084c0c33e65111c3557a91ff1695c888dc133eb5f4735c9c641d5acb6fa50ae650b8dc1af17206c29512d624ec

Download Submit
C:\Windows\System\ZHuiVHK.exe

Filesize
6.0MB

MD5
7e37c60557f3b98ce3b68111d4eebc3d

SHA1
8debe7eeb69c64ea6b61dd0a5a9ce97ab2251918

SHA256
f8ce46d2b06968ffd9cf23eea40a0ae23c3077aa6871cc80c82562d1eb42293a

SHA512
79a8c2cd4b5215fe1c98d475446956543b184af0af78c89c0ef0888114e4cc42490c3a367e80313260a39f7ed710bc58452e101b762ac6ff9f876fd769f589f2

Download Submit
C:\Windows\System\aPBGHGR.exe

Filesize
6.0MB

MD5
fa6f7798215dc90e3f05a30570a95f21

SHA1
2cda476fc8bbdea88e98c3413645c485ea0ec31d

SHA256
461162607326cc3d8bf9815697a1f3ca342c66ee9e8ec3f99acbecd4379425d7

SHA512
6d36f50928631474aa39eeec71bbacd66b68dd5ada338c35417ccb0a3710dfd893e051af9e7d47e39fdf0fa3738d8a7db31e699a9a25c5a99b31d2cab2338b2b

Download Submit
C:\Windows\System\aoloFrx.exe

Filesize
6.0MB

MD5
40a2b43b2b3fd0b7a1934817d34b5841

SHA1
c4dcdad388a262fc7f74b5112c2f618854cfcb2f

SHA256
fd91a38fff879bcb4ae25ba9160dd75197dd3a2d238d65105c77c332bba4f434

SHA512
ce6dfd072732aba3adfce8a25b36e916ad056021b0e0c7de1829a36caa40d08fbd7f6b7c4fc38e74d9848a15f86abf7d07d7702154a3ef4b74ed2de721116535

Download Submit
C:\Windows\System\cDwgJmK.exe

Filesize
6.0MB

MD5
22ddd30c01e8782a3bd302f9613150cd

SHA1
a9b8f64a8b20eb4fc05645932c66368a8746abb6

SHA256
8ec8e510e49336805094f2c6170ff72c53dedd89305979afcae2166cd4a01c63

SHA512
97bea1d46ee82dad6934ccfcbc440619616e9c9253ef80cc1efd22b3902e79ef5b2e5bd4bc96d40d491b9cf0c1726427593d614833c49ac5c80b126a878ba3bf

Download Submit
C:\Windows\System\dUthGih.exe

Filesize
6.0MB

MD5
8bf5b1bcb5798d25029682185022c01c

SHA1
1f43bc45af309bf6b0252f31c1f5b8b5fbf0e925

SHA256
5ae72152df56a4f9a50426d8b64308737da96e1ab7f7d60b7891589da867a1a1

SHA512
ca52bc783ef6044f93fc0ce1c57a836011b9862514bf16962398c5cddc660caa857248f847edda98feb21760966658a56c566cc813a9579a8cc7b54a59a563c6

Download Submit
C:\Windows\System\iQZkmOL.exe

Filesize
6.0MB

MD5
0252d1c69a2c8cc73cc774df45d222a7

SHA1
cbb0e022fcfbcaffa1d95c8b43ba0d66053cf80c

SHA256
b4d85f096d6d23595cffdee21b3be6bee656321182a6e33895a2e855e53c6aa9

SHA512
b987d2610667be11b0ba0941d07bcf85ab01c53b4904acca0f30bd09e4a07370d26afd7496b6895dc85abf18b26241915f2fed8d8ffe2f4f5b30aa7df7751e93

Download Submit
C:\Windows\System\jTuBjck.exe

Filesize
6.0MB

MD5
f83a6a6966c54305e3b07e09c788a5f5

SHA1
6a329d5122c10d298297abf4115012ebc84ec1fa

SHA256
a15eccbe0ad6e785229739d5c44f0001a6766d2fe799d77c6b6d21b6a8209aae

SHA512
68a23ad3a6bba8e9a69d474c205c0efce2179a2074cdcf044b0eecc615f15c7cf282a16b2c1afd4b9118164d6e35babfcea3995c25f5743178aeddca2ce23ea2

Download Submit
C:\Windows\System\kICAeoQ.exe

Filesize
6.0MB

MD5
80aa19ebf42be1e16716f3eed1668da7

SHA1
50716cd30dd718bd9a5d55300426226fc4e3a642

SHA256
6ecabc542078c538ecd14bfd672021eb1a0de999a3fdf79a2d4618b71eb10ef5

SHA512
fd093e10006191825767ca09ac196bbffb1ce981da4d491afbece93a51eee9e423dae63ed1f0e3beafd8a93197b175460b41fb5395c74f410105a77b6860151d

Download Submit
C:\Windows\System\rMSAekS.exe

Filesize
6.0MB

MD5
0cd1b610a4b6e8cb0e13969b14d3f642

SHA1
37c8f10a398df94bc69a0ac6c79765ccb34abf33

SHA256
3b94e224359c35991ed4ccd8bb1d920011a2d0181cc210af373c3cb5a09e4d53

SHA512
94854cb20219f1e316d39385c47a0aee91bac9ec17fcfdce75ae01c7d0cb2a4ccc646fdc3ffd36f2de9bd0d19ec074d65318802b09e9dfdff689ebab23835a29

Download Submit
C:\Windows\System\rSWxvFs.exe

Filesize
6.0MB

MD5
ba8c05cbfcd6cbf3b7318f32b04e96b7

SHA1
ead05fa2481c076edd0c27f074279c35e1815bb1

SHA256
de2f6577eda66a5f24b4549bc5be1d23af1f7bd2161f1e422b4ec7eafb84979a

SHA512
8cfa5c6151d50a83ddd64fada9d8414f5f0ff8058325ded919cea03c0a6273c7c55d90a3f381710a73f0b3aeea6ab04edcb3de05d99adebe32de7f9ec8720c71

Download Submit
C:\Windows\System\uCtAAbb.exe

Filesize
6.0MB

MD5
495aa24eac38932bfb159ab0265945a2

SHA1
2b304af8dcc1ebb9a5b51c6dbd25a03b5f2be939

SHA256
de92f441b1e1ad41c00668d923016b47600e8cd4cc64c8245e788f9cdd33ee52

SHA512
4d90844fceeee8de0f50d0fc02b61c58c964378e674968591a33f461ce8c2704731d15c1cc6b180d419f8c49de2a7341dde0bfcf990feee4eda7472df540fc28

Download Submit
C:\Windows\System\wuuaUKM.exe

Filesize
6.0MB

MD5
2ea511f62be15dd450de809ca4f62a69

SHA1
be3ee3e273f0ee45b8b6e01d501a3af4a79f3e2e

SHA256
2e85a6b926f9e2110a94218b8c92aa7ab434d9e460769000d3478175b2a6cb83

SHA512
50a659f6dad19be2fa0f6ff3aefcfa6aeb230ce26ec44d6c318170967e28ea340b75bf764cf3d7fc2b8ab2335ac02f3ffd100c8f33ff37dd47588acd55a54a78

Download Submit
C:\Windows\System\ybIdHwg.exe

Filesize
6.0MB

MD5
a1b9950a47b793b501f4308a8a5005c4

SHA1
14e32855a4bce1b63fd66c0099381ca707718a0c

SHA256
1490b37311c1671ef2e7eb69e182e953504e8af5e963a837dfa947b7bea138d5

SHA512
54122af9b2fbf66fd21cca58d1780105d284e6ee453047b3e360accbed53a7d8b8a6a0ed7ef89cff952bb344a5e9c63943ad97ce213e0bc46e3eb0ea0a806fa4

Download Submit
C:\Windows\System\yvtIHwD.exe

Filesize
6.0MB

MD5
246da9431b365923b093560470fba10f

SHA1
3fbb45e4e61e6b0ef9fc7348b4cd3c8b69e1cdc8

SHA256
0dd5421d2a45844da747b653f8f8e6bb41c808b4a8f30af7ac40c561f0b538b7

SHA512
fabbc4601ad6e1ddafaed962870be13d80424c1c912908dc3c4ece5fa46bfefc7d0aafceedc8fe783b4008ea0b3fb3f281f25bd281b5504a4a548c444e7182e9

Download Submit
C:\Windows\System\zHdDLPl.exe

Filesize
6.0MB

MD5
8198554843e6ff45bc0a460d3909ba97

SHA1
bd81f680dafacf0b132fe1b48a0fccd38858180f

SHA256
fed5291556cd537f0acb77c4010d4b65a2d8d05c6ce444bbedda67abefbc0ad0

SHA512
aaf2c2ddf6ab169237a1a660493cb44c767aacbf04a54f19f423789eea7467f11b911113509c2d5373cc0fdb655bcd11fb024701803409325a1b088579e75c9a

Download Submit
C:\Windows\System\zodUbnB.exe

Filesize
6.0MB

MD5
a3ba649c3aaf97d6efc8a42618eae2ba

SHA1
b9d780aa55400c669d57633ddf6b7f9917afd9a0

SHA256
59acdc51c9594f61bc0efb6a23d855be316266ece82931658515883db77ddccb

SHA512
63853928b3612b1a61f5bcf9fb118d4bbd209fbb2d8e30ea70d8256820d273df6e1de2b571c57178b1684658a0be4acc36ae69c5b1bce74763e111b20d66da97

Download Submit
memory/376-142-0x00007FF633140000-0x00007FF633494000-memory.dmp

Filesize
3.3MB

Download
memory/376-2195-0x00007FF633140000-0x00007FF633494000-memory.dmp

Filesize
3.3MB

Download
memory/376-585-0x00007FF633140000-0x00007FF633494000-memory.dmp

Filesize
3.3MB

Download
memory/576-143-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/576-90-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/576-1880-0x00007FF651E30000-0x00007FF652184000-memory.dmp

Filesize
3.3MB

Download
memory/644-119-0x00007FF79D020000-0x00007FF79D374000-memory.dmp

Filesize
3.3MB

Download
memory/644-63-0x00007FF79D020000-0x00007FF79D374000-memory.dmp

Filesize
3.3MB

Download
memory/644-1542-0x00007FF79D020000-0x00007FF79D374000-memory.dmp

Filesize
3.3MB

Download
memory/1212-2212-0x00007FF760820000-0x00007FF760B74000-memory.dmp

Filesize
3.3MB

Download
memory/1212-356-0x00007FF760820000-0x00007FF760B74000-memory.dmp

Filesize
3.3MB

Download
memory/1416-1534-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-106-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-51-0x00007FF62EC60000-0x00007FF62EFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1456-804-0x00007FF719330000-0x00007FF719684000-memory.dmp

Filesize
3.3MB

Download
memory/1456-2215-0x00007FF719330000-0x00007FF719684000-memory.dmp

Filesize
3.3MB

Download
memory/1456-158-0x00007FF719330000-0x00007FF719684000-memory.dmp

Filesize
3.3MB

Download
memory/2064-42-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1533-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp

Filesize
3.3MB

Download
memory/2064-101-0x00007FF66CC30000-0x00007FF66CF84000-memory.dmp

Filesize
3.3MB

Download
memory/2252-2225-0x00007FF74D260000-0x00007FF74D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-352-0x00007FF74D260000-0x00007FF74D5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1467-0x00007FF75E6D0000-0x00007FF75EA24000-memory.dmp

Filesize
3.3MB

Download
memory/2304-32-0x00007FF75E6D0000-0x00007FF75EA24000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2189-0x00007FF7CCEE0000-0x00007FF7CD234000-memory.dmp

Filesize
3.3MB

Download
memory/2376-136-0x00007FF7CCEE0000-0x00007FF7CD234000-memory.dmp

Filesize
3.3MB

Download
memory/2376-544-0x00007FF7CCEE0000-0x00007FF7CD234000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1538-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp

Filesize
3.3MB

Download
memory/2384-55-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp

Filesize
3.3MB

Download
memory/2384-114-0x00007FF6CDF40000-0x00007FF6CE294000-memory.dmp

Filesize
3.3MB

Download
memory/2488-24-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-76-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1288-0x00007FF790E80000-0x00007FF7911D4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-805-0x00007FF708220000-0x00007FF708574000-memory.dmp

Filesize
3.3MB

Download
memory/2756-2216-0x00007FF708220000-0x00007FF708574000-memory.dmp

Filesize
3.3MB

Download
memory/2756-343-0x00007FF708220000-0x00007FF708574000-memory.dmp

Filesize
3.3MB

Download
memory/2828-350-0x00007FF74D0C0000-0x00007FF74D414000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2222-0x00007FF74D0C0000-0x00007FF74D414000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1877-0x00007FF6E1360000-0x00007FF6E16B4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-85-0x00007FF6E1360000-0x00007FF6E16B4000-memory.dmp

Filesize
3.3MB

Download
memory/3176-348-0x00007FF6AFC40000-0x00007FF6AFF94000-memory.dmp

Filesize
3.3MB

Download
memory/3176-2217-0x00007FF6AFC40000-0x00007FF6AFF94000-memory.dmp

Filesize
3.3MB

Download
memory/3272-72-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp

Filesize
3.3MB

Download
memory/3272-123-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp

Filesize
3.3MB

Download
memory/3272-1786-0x00007FF6FA7E0000-0x00007FF6FAB34000-memory.dmp

Filesize
3.3MB

Download
memory/3320-38-0x00007FF60BC90000-0x00007FF60BFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3320-1527-0x00007FF60BC90000-0x00007FF60BFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3440-1919-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp

Filesize
3.3MB

Download
memory/3440-110-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp

Filesize
3.3MB

Download
memory/3440-164-0x00007FF7C2A10000-0x00007FF7C2D64000-memory.dmp

Filesize
3.3MB

Download
memory/3580-151-0x00007FF60A1E0000-0x00007FF60A534000-memory.dmp

Filesize
3.3MB

Download
memory/3580-2204-0x00007FF60A1E0000-0x00007FF60A534000-memory.dmp

Filesize
3.3MB

Download
memory/3580-749-0x00007FF60A1E0000-0x00007FF60A534000-memory.dmp

Filesize
3.3MB

Download
memory/3816-115-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp

Filesize
3.3MB

Download
memory/3816-1920-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp

Filesize
3.3MB

Download
memory/3816-355-0x00007FF6CB230000-0x00007FF6CB584000-memory.dmp

Filesize
3.3MB

Download
memory/4348-689-0x00007FF751F70000-0x00007FF7522C4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-2205-0x00007FF751F70000-0x00007FF7522C4000-memory.dmp

Filesize
3.3MB

Download
memory/4348-145-0x00007FF751F70000-0x00007FF7522C4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-77-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-1827-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-131-0x00007FF6D1950000-0x00007FF6D1CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4388-0-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp

Filesize
3.3MB

Download
memory/4388-1-0x000001723A1B0000-0x000001723A1C0000-memory.dmp

Filesize
64KB

Download
memory/4388-54-0x00007FF7A1640000-0x00007FF7A1994000-memory.dmp

Filesize
3.3MB

Download
memory/4428-1915-0x00007FF7A22E0000-0x00007FF7A2634000-memory.dmp

Filesize
3.3MB

Download
memory/4428-150-0x00007FF7A22E0000-0x00007FF7A2634000-memory.dmp

Filesize
3.3MB

Download
memory/4428-105-0x00007FF7A22E0000-0x00007FF7A2634000-memory.dmp

Filesize
3.3MB

Download
memory/4452-124-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp

Filesize
3.3MB

Download
memory/4452-543-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp

Filesize
3.3MB

Download
memory/4452-2183-0x00007FF6F9710000-0x00007FF6F9A64000-memory.dmp

Filesize
3.3MB

Download
memory/4468-8-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp

Filesize
3.3MB

Download
memory/4468-1273-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp

Filesize
3.3MB

Download
memory/4468-61-0x00007FF620BE0000-0x00007FF620F34000-memory.dmp

Filesize
3.3MB

Download
memory/4948-1910-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp

Filesize
3.3MB

Download
memory/4948-95-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp

Filesize
3.3MB

Download
memory/4948-144-0x00007FF7EA0B0000-0x00007FF7EA404000-memory.dmp

Filesize
3.3MB

Download
memory/5072-16-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-62-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-1281-0x00007FF7BF260000-0x00007FF7BF5B4000-memory.dmp

Filesize
3.3MB

Download
memory/5096-22-0x00007FF6062C0000-0x00007FF606614000-memory.dmp

Filesize
3.3MB

Download
memory/5096-66-0x00007FF6062C0000-0x00007FF606614000-memory.dmp

Filesize
3.3MB

Download
memory/5096-1284-0x00007FF6062C0000-0x00007FF606614000-memory.dmp

Filesize
3.3MB

Download